Cross-Site Request Forgery Cross-Site Request Forgery (CSRF) is an attack targeting vulnerabilities in computer security, posing significant risks to user information and accounts. It manipulates the web browser to perform unwanted actions within an application, harming the user logged into the system. A successful attack can lead to unauthorized money transfers, data theft, password changes,… Continue reading CSRF (Cross-Site Request Forgery) vs XSS
Tag: XSS
New GrimResource Attack Technique Targets MMC, DLL Flaw
A new malicious code execution technique, coined GrimResource, was discovered, targeting Microsoft Management Console. Attackers are exploiting an old cross-site scripting vulnerability that allows them to bypass defenses and deploy malware to endpoints. Attack Technique Exploits Microsoft Management Console Files On June 6, 2024, Elastic reported about discovering a new attack technique that uses Microsoft… Continue reading New GrimResource Attack Technique Targets MMC, DLL Flaw
Sierra AirLink Vulnerabilities Expose Critical Infrastructure
The grand total of 21 security flaws was discovered in Sierra Wireless AirLink routers firmware. The vulnerabilities allow for remote code injection, unauthenticated access, DoS attacks, and else. As such network devices are commonly used in industrial manufacturing and applications the like, the impact of such attacks may be rather serious. Sierra AirLink Routers Have… Continue reading Sierra AirLink Vulnerabilities Expose Critical Infrastructure
Web Application Firewall: Difference Blocklist and Allowlist WAFs
You may have come across a Web Application Firewall (WAF) concept but have yet to give it much thought. However, it is essential to understand what a WAF is to decide if it is right for you. Now we will take a closer look at web application firewalls and give you a definition, explain their… Continue reading Web Application Firewall: Difference Blocklist and Allowlist WAFs
Hackers Stole over $2.5 million from Hackers
In the past 12 months hackers have scammed more than $2.5 million from other cybercriminals on three separate hack forums alone (Exploit, XSS and BreachForums), according to Sophos researchers. You might also be interested in reading All About Hacker Motivation: Why Do Hackers Hack? Experts spoke about the results of studying darknet forums during a… Continue reading Hackers Stole over $2.5 million from Hackers
About 30% of critical vulnerabilities in WordPress plugins remain unpatched
Patchstack analysts have released a report on security and critical vulnerabilities in WordPress in 2021. Unfortunately, the picture turned out to be depressing, for example, it turned out that 29% of critical errors in WordPress plugins did not receive patches at all. In addition, the number of reported vulnerabilities has increased by 150% over the… Continue reading About 30% of critical vulnerabilities in WordPress plugins remain unpatched
Hacker XSS Forum Banned Ransomware Ads
The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned advertising and sale of any ransomware on its pages. Groups like REvil, LockBit, DarkSide, Netwalker, Nefilim, and so on have often used the forum to advertise new customer acquisition. As a result, ransomware affiliate programs, renting such malware and selling lockers are now… Continue reading Hacker XSS Forum Banned Ransomware Ads
Netherlands police posted warnings on hacker forums
The Netherlands police posted warnings on popular Russian and English hacker forums (RaidForums and XSS), stating that “the deployment of criminal infrastructure in the Netherlands is hopeless.” The messages were published after the successful operation of Operation Ladybird, during which law enforcement agencies from several countries jointly eliminated one of the largest current botnets, Emotet.… Continue reading Netherlands police posted warnings on hacker forums