Facebook has plugged a cross-site request forgery (CSRF) vulnerability that could have allowed attackers to alter privacy settings and deface profiles on behalf of unwitting users, according to a security advisory released Monday by network security firm Alert Logic. The "critical" bug could have been exploited by bypassing Facebook's anti-CSRF controls and tricking a logged-in user into clicking on a malicious link. The vulnerability, discovered by M.J. Keith, senior security analyst at Alert Logic, was reported to Facebook on May 11 and patched Monday. The flaw appears never to have been publicly known. — DK
Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 than during the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Operations of Russia's industrial sensor and monitoring infrastructure were claimed to have been disrupted by Ukrainian hacking operation Blackjack following a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.