Please turn on your JavaScript for this page to function normally.
ResumeLooters
ResumeLooters target job search sites in extensive data heist

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed …

application
Increasing security for single page applications (SPAs)

Single page applications (SPAs) have become the most popular way to create websites that feel faster for the end-user without hitting the server every time a user interacts …

Cisco
Cisco security devices targeted with CVE-2020-3580 PoC exploit

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently …

Hand
Why XSS is still an XXL issue in 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …

lock
Mobile providers exposing sensitive data to leakage and theft

Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and …

Tackling cross-site request forgery (CSRF) on company websites

Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a …

attacks
Surging CMS attacks keep SQL injections on the radar during the next normal

Every year, millions of websites across the world fall victim to malware attacks that are designed to gain access to the site’s backend without the administrator’s knowledge …

lock
Most global brands fail to implement security controls to prevent data leakage and theft

The global pandemic has seen the web take center stage. Banking, retail and other industries have seen large spikes in web traffic, and this trend is expected to become …

Drupal
Drupal fixes three vulnerabilities, including one RCE

Drupal’s security team has fixed three vulnerabilities in the popular content management system’s core, one of which (CVE-2020-13663) could be exploited to achieve …

open source
How secure are open source libraries?

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a …

WordPress
Nearly a million WordPress sites targeted in extensive attacks

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this …

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to …

Don't miss

Cybersecurity news