The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity. This post appeared first on Naked…
Browsing Category: JavaScript
XSS plugin vulnerabilities plague WordPress users
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site. This post appeared first on Naked Security…
Leading Magecart Group Targeting Captive Wi-Fi Users via L7 Routers
Threat hunters from IBM X-Force Incident Response and Intelligence Services (IRIS) identified malicious activity attributed to a financially motivated cybercrime faction known as Magecart 5 (MG5). Our research revealed that…
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
by Noel Anthony Llimos and Michael Jhon Ofiaza (Threats Analysts) We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro…
Social engineering forum hacked, user data dumped on rival site
Social Engineered, dedicated to the “Art of Human Hacking,” was gutted, with 55,121 users’ details leaked on the same day as the hack. This post appeared first on Naked Security…
CSS tracking trick can monitor your mouse without JavaScript
A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript. This post appeared first on Naked Security Blog by Sophos Author: John E…
Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
by Llallum Victoria (Threats Analyst) Windows Installer uses Microsoft Software Installation (MSI) package files to install programs. Every package file has a relational-type database that contains instructions and data required…
Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
By Joseph Chen We discovered a phishing campaign that has compromised at least four South Korean websites – including a business page ranked as one of the most visited sites…
Brave browser explains Facebook whitelist to concerned users
Brave is playing down fears after the revelation of what looked like a whitelist in its code allowing it to communicate with Facebook. This post appeared first on Naked Security…
Serious Security: How to stop dodgy HTTP headers clogging your website
It’s been dubbed ReDoS, for Regular Expression Denial of Service – where a few rogue HTTP requests could clog your whole site. This post appeared first on Naked Security Blog…