XSS – Page 2 – Computer Security Articles

The scammers who scam scammers on cybercrime forums: Part 1

December 7, 2022 admin aaas, breachforums, exploit, Featured, marketplaces, RaidForums, scams, sophos x-ops, threat research, XSS

Credit to Author: Matt Wixey| Date: Wed, 07 Dec 2022 17:00:36 +0000

A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the first of a four-part series, we look at the forums involved, and how they deal with scammers scamming scammers

MalwareBytes Security

Serious vulnerabilities found in ITarian software, patches available for SaaS products

June 13, 2022 admin cve-2022-25151, cve-2022-25152, cve-2022-25153, divd, Exploits and vulnerabilities, itarian, MSP, SaaS, XSS

Credit to Author: Pieter Arntz| Date: Mon, 13 Jun 2022 12:25:19 +0000

Researchers at DIVD found vulnerabilities in ITarian products and worked with the vendor to develop patches. These patches are now available.

The post Serious vulnerabilities found in ITarian software, patches available for SaaS products appeared first on Malwarebytes Labs.

MalwareBytes Security

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

May 17, 2022 admin CAPTCHA, csrf, Exploits and vulnerabilities, Facebook, Gmail, iframe, linked accounts, myopenid, OAuth, sandbox, sop, unlink, XSS, youssef sammouda

Credit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000

A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.

The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.

MalwareBytes Security

Threat actor steals email with Zimbra zero-day

February 4, 2022 admin emailthief, Exploits and vulnerabilities, temp_heretic, XSS, Zero-Day

Credit to Author: Pieter Arntz| Date: Fri, 04 Feb 2022 16:07:15 +0000

Researchers have uncovered a targeted phishing campaign exploiting a XSS zero-day vulnerability in the Zimbra email platform.

Categories: Exploits and vulnerabilities

Tags: EmailThief TEMP_Heretic xss zero-day

(Read more…)

The post Threat actor steals email with Zimbra zero-day appeared first on Malwarebytes Labs.

MalwareBytes Security

How to harden AdwCleaner’s web backend using PHP

December 6, 2017 admin AdwCleaner, cybersecurity, header, http, php, Security world, Technology, website, XSS

Credit to Author: Jérôme Boursier| Date: Wed, 06 Dec 2017 16:00:28 +0000

More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP is used to develop…

Categories:

Tags: AdwCleaner cybersecurity header http php website xss

(Read more…)

The post How to harden AdwCleaner’s web backend using PHP appeared first on Malwarebytes Labs.

Independent Securiteam

SSD Advisory – Webmin Multiple Vulnerabilities

October 15, 2017 admin Remote Command Execution, SecuriTeam Secure Disclosure, XSS

Credit to Author: SSD / Maor Schwartz| Date: Sun, 15 Oct 2017 06:54:31 +0000

Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets … Continue reading SSD Advisory – Webmin Multiple Vulnerabilities