Malicious code could have been used to compromise an account, forward messages to an external account, or even spread a Yahoo Mail-infecting virus.
Read more in my article on the We Live Security blog.
Published December 9, 2016 12:35 pm in Guest blog, Malware, Vulnerability, Yahoo 0
Malicious code could have been used to compromise an account, forward messages to an external account, or even spread a Yahoo Mail-infecting virus.
Read more in my article on the We Live Security blog.
Published January 18, 2016 8:27 pm in Phishing, Vulnerability 0
Despite having ample opportunity to resolve the issues, ASDA has failed to do so.
Watch Paul Moore’s video to learn more.
Published January 13, 2016 3:29 pm in Guest blog, Phishing, Vulnerability 0
The recently discovered XSS flaw on eBay’s website could have put users’ accounts at risk. And sadly, it’s not an uncommon problem.
Read more in my article on the Bitdefender Business Insights blog.
Published November 23, 2015 3:24 pm in Guest blog, LinkedIn, Malware, Vulnerability 0
Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn’s website has been fixed by its security team.
Read more in my article on the Hot for Security blog.
Published September 22, 2015 7:45 pm in Phishing, Privacy, Vulnerability 4
Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t respond to the security researcher who first found the bugs.
David Bisson reports.
Published August 27, 2015 8:25 am in Guest blog, Phishing, Vulnerability 0
A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.
Read more in my article on the Lumension State of Security blog.
Published August 13, 2015 1:21 pm in Guest blog, Phishing, Vulnerability 0
Hackers could have phished usernames and passwords from customers, while they were on the Salesforce website.
Read more in my article on the Tripwire State of Security blog.
Published August 4, 2015 1:35 pm in Vulnerability 1
Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”
Published July 23, 2015 12:47 pm in Vulnerability 4
Do you, or your business, run a self-hosted WordPress site?
If so, it’s time to ensure that you are updating to the latest version.
Published May 26, 2015 6:02 pm in Malware, Phishing, Vulnerability, Web Browsers 3
Security researcher Scott Helme describes how you can better secure your website from cross-site scripting attacks, ad injectors and malvertising.
Published May 7, 2015 12:05 pm in Guest blog, Vulnerability 0
Many WordPress sites are at risk of hijack, after cross-site scripting vulnerability uncovered.
Read more in my article on the Tripwire State of Security blog.
Published April 28, 2015 12:51 am in Vulnerability 8
Researcher complains that WordPress has been ignoring his vulnerability reports, as details of zero-day comments XSS flaw are made public and then patched.
Published April 21, 2015 5:03 pm in Guest blog, Vulnerability 0
Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…
Read more on the Optimal Security blog.
Published March 31, 2015 2:31 pm in Guest blog, Malware, Phishing, Vulnerability 0
Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’ settings and phish login credentials.
So how come websites keep falling foul of them?
Read more in my article on the Optimal Security blog.
Published December 10, 2014 6:51 pm in Guest blog, Vulnerability 0
XSS vulnerabilities are nothing new, but continue to be a big problem even for some websites that you would expect to be better protected.
Read more in my article on the Tripwire State of Security blog.
Published October 23, 2014 10:49 am in Guest blog, Vulnerability 0
Online WYSIWYG editors allowing rich content could be making it easier for attackers to launch cross-site scripting (XSS) attacks.
Read more in my article on the Tripwire State of Security blog.