The Cross-site Scripting (XSS) Vulnerability: Definition and Prevention

The Cross-site Scripting (XSS) Vulnerability: Definition and Prevention

The Cross-Site Scripting vulnerability is one of the few vulnerabilities that has made it in every OWASP Top 10 list of most critical web application security risks released. To understand the Cross-site ...
Transforming Self-XSS Into Exploitable XSS

Transforming Self-XSS Into Exploitable XSS

Security researcher Brian Hyde was accepted into Synack Red Teams private bug bounty platform and discovered a Reflected XSS vulnerability in one of their programs. The difficulties he faced in exploiting this ...
Fortnite Attack Allowed Taking Over Player Accounts

Fortnite Attack Allowed Taking Over Player Accounts

Security researchers have found several vulnerabilities in the online game Fortnite that could have allowed hackers to break into player accounts, access their personal information, buy in-game currency with the linked credit ...
Security Boulevard
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a ...
Criminals Use Jackpotting Attack

WordPress 5.0 Gets Security Patch a Week After Release

Only a week has passed since the release of WordPress 5.0—a new major version codenamed “Bebo”—and the WordPress team has already pushed out a security update for it. WordPress 5.0.1, released Dec ...
Security Boulevard
third-party code

Magecart Injects Skimmer Code in Customer Rating Widget

The groups of attackers who specialize in injecting payment card skimmer code called Magecart into online shops managed to compromise a third-party customer rating plugin called Shopper Approved that’s used by thousands ...
Security Boulevard
Bug bounty payouts double in 2018; India reports the most bugs while U.S. wins highest payouts

Bug bounty payouts double in 2018; India reports the most bugs while U.S. wins highest payouts

Some of the biggest players in various industries have turned to the crowdsourced security model – white hat-driven bug bounty programs – in a race to identify emerging vulnerabilities before the black ...
fileless malware

Hackers Infect Magento Shops With Malware Through Extension Flaw

Attackers are breaking into online shops built with Magento by exploiting a known cross-site scripting vulnerability within a popular extension used by merchants for customer support. A successful compromise results in malware ...
Security Boulevard
MSSP

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Oracle has released out-of-band security patches for a component used by multiple ERP applications from its PeopleSoft suite. The updates fix five vulnerabilities, including two critical ones that can be exploited to ...
open source

Not All Macs Get Firmware Security Fixes, Researchers Find

An investigation by researchers from Duo Security revealed that Apple does not consistently release security patches for known vulnerabilities in the low-level firmware code of its Mac computers. When it does, the patches ...