Yahoo Sites Impacted by XSS Flaw in Comments Section

Cyber Security News, Information, Tips and Hacks

Yahoo has addressed a cross-site scripting (XSS) flaw that, prior to May 2, existed in the commenting platforms utilized by most of its services, including travel, food, tech, security, news, TV, music, shopping and weather.

An XSS flaw existing in the comments section of most Yahoo sites was fixed in early May.

The vulnerability – which could enable information theft by simply posting a piece of code into the comments sections of the aforementioned Yahoo websites – was discovered by Behrouz Sadeghipour, an independent researcher known for hunting down bugs in popular services.

“An attacker could inject a malicious script, which could be used to obtain session tokens, cookies and other sensitive information stored in the users’ browser that is associated with Yahoo,” Satnam Narang, a Symantec researcher familiar with XSS flaws, told on Monday.

In a Friday post containing proof-of-concept videos, Sadeghipour is shown posting a…


Historic Global Cybercrime Take Down – BlackShades

Cyber Security News, Information, Tips and Hacks

An FBI-led investigation involving law enforcement agencies in 17 countries has led to one of the biggest cyber crime busts in recent history.

On Monday, officials charged nearly 100 individuals around the world, who were arrested over the weekend for using or distributing the malicious remote administration tool (RAT) dubbed “BlackShades.”

Lauri Love, a 28-year-old UK man, was arrested at his home Friday.

The malware could give an attacker nearly complete control over a compromised machine, including the ability to siphon sensitive data, take screenshots, record video, and meddle with messaging applications and social networks, according to researchers at Symantec.

The FBI detailed its investigation in criminal complaints filed Monday in Manhattan federal court against five individuals. Cooperation between the European Union’s Judicial Cooperation Unit (EUROJUST) in The Hague and the European Cybercrime Centre (EC3) at Europol led to a two-day operation involving 359 home raids carried…


The Ideal Partner for Business Continuity Consultancy

Intrusion Detection System | Real-Time Adaptive Security

Today, websites have come to play a greater role in the success of brands. They are no longer a tool to reach out to a larger audience or popularize the services; websites have become the face of the brands. In most cases, the websites are the first contact point with customers and thus it is important that you keep them secured. Lack of Web Security can hamper critical business relationships and thus most companies now take security very seriously.


Get comprehensive web security from the leader

With advances in technology, the nature of security threats has changed. Besides infecting sites with malware in order to spread it further, hackers steal customer information such as names and email addresses for malicious purposes. Stealing credit card information is also very common. Hackers also try to hijack sites and crash them. When implementing web security, a company has to keep in mind…
