OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

July 29, 2024 at 10:50AM Recent security research by Salt Security’s Salt Labs revealed critical API security flaws in both Hotjar and Business Insider, exposing millions of users to potential account takeover. The flaws involve manipulating the OAuth standard with cross-site scripting, potentially enabling attackers to access sensitive data. The researchers warn that similar vulnerabilities …

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

July 29, 2024 at 08:18AM Salt Labs, the research arm of API security firm Salt Security, has uncovered a cross-site scripting (XSS) attack affecting numerous websites, including major companies like HotJar and Business Insider. The attack exploits OAuth implementation, potentially leading to complete account takeovers. Salt Labs released its findings and a free scanner to …

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

May 30, 2024 at 11:16AM Fastly warns of ongoing exploitation of vulnerabilities in three WordPress plugins, enabling the injection of malicious scripts and backdoors. These flaws permit unauthenticated stored cross-site scripting attacks, creation of new administrator accounts, and stealing of credentials. Impacting over 600,000 installations, the campaign is emanating from IPs linked to AS IP …

Crime gang targeted jobseekers across Asia, looted two million email addresses

February 8, 2024 at 11:08PM Singapore-based cyber security firm Group-IB uncovered a group, dubbed “ResumeLooters,” operating across Asia, stealing sensitive data using SQL injection and XSS attacks. The victims were mainly job search websites and e-commerce companies in Asia, with evidence showing the attacks beginning as early as January 2023. The attackers attempted to gain …

Hackers steal data of 2 million in SQL injection, XSS attacks

February 6, 2024 at 10:11AM The ‘ResumeLooters’ threat group has compromised 65 job listing and retail sites using SQL injection and XSS attacks, stealing personal data from over two million job seekers primarily in the APAC region. They employ various tools for penetration testing, such as SQLmap and Acunetix, to exploit security weaknesses and inject …

Veeam warns of critical bugs in Veeam ONE monitoring platform

November 6, 2023 at 04:59PM Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported …