 Cross-Site Scripting

Major software flaws in iPhones, iPads fixed in update

May 07, 2012

A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
 

Google to offer up to 20K prize for bug finds

April 25, 2012

Google has significantly increased its finder's fee for vulnerability researchers.
 

IBM X-Force reports that mobile threats are increasing

March 22, 2012

While progress against security threats has been made, attackers are targeting new vulnerabilities, such as those found in mobile devices, according to the annual IBM X-Force study.
 

Adobe patches Flash because of ongoing attacks

February 15, 2012

A cross-site scripting vulnerability being exploited in the wild has prompted Adobe to issue an update to its Flash Player, a move that may catch security pros off guard.
 

Facebook identifies porn spam perpetrators

November 18, 2011

The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
 

Flash to get update for zero-day bug

September 21, 2011

Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
 

Gmail users targeted by Adobe Flash exploit

June 06, 2011

Hackers are actively exploiting a cross-site scripting vulnerability in Adobe's Flash Player, the company revealed Sunday.
 

New report finds most applications don't pass security tests

April 20, 2011

A new report from Veracode paints a grim picture of the security built into application software.
 

McAfee working to fix XSS, information disclosure flaws

March 29, 2011

McAfee's website suffers from a number of vulnerabilities, which could allow cross-site scripting (XSS) attacks and information disclosure, researchers warned this week.
 

WordPress update addresses vulnerabilities

February 08, 2011

Popular blogging platform WordPress on Monday released version 3.0.5 to patch a number of vulnerabilities that could allow a contributor- or author-level user to execute cross-site scripting attacks or siphon sensitive information. The company stated that the update also improves security of plug-ins "which were not properly leveraging our security API." US-CERT recommends that WordPress users install the update. - GM
 

Microsoft releases advisory for Windows scripting bug

January 28, 2011

Microsoft on Friday warned of a new Windows scripting vulnerability that could result in information disclosure.
 

WordPress to users: Put down the eggnog and patch

December 30, 2010

WordPress is urging customers to install the latest version of its popular blogging software to close a "core security bug" that could be exploited to launch cross-site scripting attacks against vulnerable installations. Version 3.0.4 fixes the "critical" issue, present in the HTML sanitation library, and is available for download. "I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for," Matt Mullenweg, WordPress creator, wrote in a blog post on Wednesday. "In the spirit of the holidays, consider helping your friends as well." - DK
 

Software assurance has reached a crisis point

November 15, 2010

Much of the software that the U.S. government is running can be successfully exploited, said Dan Shoemaker, professor at the University of Detroit Mercy, at SC World Congress last week.
 

Google extends bug bounties to YouTube, other sites

November 01, 2010

Google on Monday announced plans to extend its existing Chrome browser bounty program to cover some of its other properties, such as YouTube, Blogger and Orkut.
 

Websites suffer from 13 security flaws on average

September 24, 2010

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the fewest vulnerabilities on average, followed by insurance and health care firms. — AM
 

Automated web attacks: Interview with Amichai Shulman, co-founder and CTO of Imperva

September 16, 2010

In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
 

Twitter fixes XSS flaw after being exploited

September 08, 2010

Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that has since been fixed, according to security researchers.
 

Symantec secures its vulnerable "Hack is Wack" site

September 07, 2010

Security giant Symantec said it has secured its "Hack is Wack" contest website after researchers discovered it was riddled with vulnerabilities.
 

YouTube, iTunes hit in holiday attacks

July 06, 2010

Cybercriminals were out in full force over the Independence Day weekend, launching attacks on some of the world's most popular online destinations: YouTube and iTunes.
 

Researcher demonstrates Twitter XSS vulnerability

June 24, 2010

A Twitter user has demonstrated a cross-site scripting (XSS) vulnerability on the microblogging platform that could allow an attacker to take over users' accounts or spread malware.
 

Injection tops list of web application security risks

April 19, 2010

Injection flaws and cross-site scripting are the two most critical web application security flaws, according to the newly updated version of the OWASP Top 10.
 

Apache.org hit by targeted XSS attack

April 13, 2010

The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
 

Google patches XSS hole in its Buzz social media platform

February 17, 2010

Google on Tuesday fixed a cross-site scripting (XSS) vulnerability in the "Google Buzz for mobile" website that could have allowed an attacker to hijack users' accounts.
 

Researcher demonstrates Pentagon XSS vulnerability

December 08, 2009

A cross-site scripting vulnerability affecting the Pentagon website is not a major security threat -- but it could turn into one, said a researcher who examined the bug.
 

Researcher finds "frighteningly bad" Adobe Flash flaw

November 13, 2009

A new point of entry has been discovered in Adobe Flash that allows attackers to infect any website which permits visitors to upload content, a researcher claims.
 

Study finds 64 percent of websites contain serious flaws

November 12, 2009

Web application vulnerabilities remain the primary avenue of attack for cybercriminals, according to a new report.
 

Reddit succumbs then cleans up from XSS attack

September 28, 2009

Reddit is the latest Web 2.0 site to be slowed by a cross-site scripting attack.
 

Twitter XSS vulnerability not yet fixed

August 26, 2009

Because of the bug, an attacker could potentially capture account credentials, redirect a user to any site, alter a user's tweets or followers, or send messages from a compromised account.
 

Adobe ColdFusion, JRun updated for critical issues

August 17, 2009

Vulnerabilities that affect Adobe's ColdFusion 8.0.1 (and earlier versions) and JRun 4.0 could result in user accounts or an affected system being compromised.