ResumeLooters target job search sites in extensive data heist
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed …
Increasing security for single page applications (SPAs)
Single page applications (SPAs) have become the most popular way to create websites that feel faster for the end-user without hitting the server every time a user interacts …
Cisco security devices targeted with CVE-2020-3580 PoC exploit
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently …
Why XSS is still an XXL issue in 2021
Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …
Mobile providers exposing sensitive data to leakage and theft
Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and …
Tackling cross-site request forgery (CSRF) on company websites
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a …
Surging CMS attacks keep SQL injections on the radar during the next normal
Every year, millions of websites across the world fall victim to malware attacks that are designed to gain access to the site’s backend without the administrator’s knowledge …
Most global brands fail to implement security controls to prevent data leakage and theft
The global pandemic has seen the web take center stage. Banking, retail and other industries have seen large spikes in web traffic, and this trend is expected to become …
Drupal fixes three vulnerabilities, including one RCE
Drupal’s security team has fixed three vulnerabilities in the popular content management system’s core, one of which (CVE-2020-13663) could be exploited to achieve …
How secure are open source libraries?
Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a …
Nearly a million WordPress sites targeted in extensive attacks
A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this …
Client-side web security
To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to …