Yahoo Sites Impacted by XSS Flaw in Comments Section

Cyber Security News, Information, Tips and Hacks

Yahoo has addressed a cross-site scripting (XSS) flaw that, prior to May 2, existed in the commenting platforms utilized by most of its services, including travel, food, tech, security, news, TV, music, shopping and weather.

An XSS flaw existing in the comments section of most Yahoo sites was fixed in early May.

The vulnerability – which could enable information theft by simply posting a piece of code into the comments sections of the aforementioned Yahoo websites – was discovered by Behrouz Sadeghipour, an independent researcher known for hunting down bugs in popular services.

“An attacker could inject a malicious script, which could be used to obtain session tokens, cookies and other sensitive information stored in the users’ browser that is associated with Yahoo,” Satnam Narang, a Symantec researcher familiar with XSS flaws, told SCMagazine.com on Monday.

In a Friday post containing proof-of-concept videos, Sadeghipour is shown posting a…

Historic Global Cybercrime Take Down – BlackShades

Cyber Security News, Information, Tips and Hacks

An FBI-led investigation involving law enforcement agencies in 17 countries has led to one of the biggest cyber crime busts in recent history.

On Monday, officials charged nearly 100 individuals around the world, who were arrested over the weekend for using or distributing the malicious remote administration tool (RAT) dubbed “BlackShades.”

Lauri Love, a 28-year-old UK man, was arrested at his home Friday.

The malware could give an attacker nearly complete control over a compromised machine, including the ability to siphon sensitive data, take screenshots, record video, and meddle with messaging applications and social networks, according to researchers at Symantec.

The FBI detailed its investigation in criminal complaints filed Monday in Manhattan federal court against five individuals. Cooperation between the European Union’s Judicial Cooperation Unit (EUROJUST) in The Hague and the European Cybercrime Centre (EC3) at Europol led to a two-day operation involving 359 home raids carried…

The Ideal Partner for Business Continuity Consultancy

Intrusion Detection System | Real-Time Adaptive Security

Today, websites have come to play a greater role in the success of brands. They are no longer just a tool to reach a larger audience or popularize services; websites have become the face of the brands. In most cases, the website is the first point of contact with customers, and thus it is important that you keep it secured. A lack of web security can hamper critical business relationships, and thus most companies now take security very seriously.

Get comprehensive web security from the leader

With advances in technology, the nature of security threats has changed. Besides infecting sites with malware to spread it further, hackers steal customer information such as names and email addresses for malicious purposes. Stealing credit card information is also very common. Hackers also try to hijack sites and crash them. When implementing web security, a company has to keep in mind…

Web Security: Beginning the Battle.

Security Perspective

Welcome to the Web Security Series. In this section we will look at different aspects of web security, ranging from what the common web security loopholes are to how they are exploited and how they should be prevented.

This series stands out from others of its kind because it is being written by a web developer turned security analyst. It is based on my experience, from how developers code and how architecture prevents security threats from causing harm, to what discouraged web implementations are still deployed on live sites and how they can be exploited to gain what we are looking for from the web application/website.

Along with how websites and web applications are exploited, we will also talk about what preventive and/or corrective measures can be deployed to mitigate risks and tighten your web app’s security.

Stay Tuned. Viva la Security!!

PS: All articles on this site are for educational purpose…
