Cross-site scripting
Romania’s election systems targeted in over 85,000 cyberattacks
A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks. Threat actors also obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round. Attacks originating from 33 countries The Romanian Intelligence […]
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in […]
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from Checkpoint, Cisco, or other supported vendors. They can be exploited to access sensitive data, such as […]
CISA urges software devs to weed out XSS vulnerabilities
CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they’re preventable and should not be present in […]
1 million HotJar users vulnerable to XSS attacks
By combining OAuth features with an age-old cross-site scripting (XSS) vulnerability, Salt Labs researchers were able to take over any account in HotJar and Business Insider online services. Because HotJar serves more than 1 million websites, including Adobe, Microsoft, T-Mobile, and Nintendo, security pros considered the issue serious, even though many protections were layered into […]