Cross-site Request Forgery

Pierluigi Paganini November 14, 2018
Facebook flaw could have exposed private info of users and their friends

Security experts from Imperva reported a new Facebook flaw that could have exposed private info of users and their friends A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts. The recently discovered issue raises once again […]

Pierluigi Paganini April 14, 2017
Hundreds of thousands Magento e-shops are exploited to hack due to an unpatched flaw

An unpatched vulnerability in Magento platform could be exploited by hackers to compromise fully web servers that host the e-commerce sites. An unpatched vulnerability in the Magento e-commerce platform could be exploited by attackers to upload and execute malicious PHP scripts on web servers that host online shops. The vulnerability was reported by experts at […]

Pierluigi Paganini March 11, 2016
0-day critical flaws in mobile modems allow hackers to take over your PC

The Russian security tester Timur Yunusov has discovered critical flaw affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The Russian security tester Timur Yunusov has discovered critical vulnerabilities affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The security holes could be exploited by remote attackers […]

Pierluigi Paganini January 17, 2016
LastPass phishing attack could allow attackers to steal your passwords

At the recent ShmooCon conference a researcher presented a LastPass phishing attack that could allow hackers to steal your password. We discussed several times the importance of password managers such as LastPass, but sometimes hackers could exploit them to launch their attacks. The security researcher Sean Cassidy has presented on Saturday at the ShmooCon hacker conference […]

Pierluigi Paganini September 21, 2015
3 flaws in StarBucks websites open its users to attacks

The Egyptian security researcher Mohamed M. Fouad has spotted three critical vulnerabilities in the StarBucks website that open users to cyber attacks. If you are one of the millions StarBucks users don’t waste time and change your password as soon as possible. StarBucks users who have registered an account and linked their credit card to it […]

Pierluigi Paganini March 11, 2015
Reconnect tool for hacking Facebook is publicly available

The security expert Egor Homakov from Sakurity firm has released the Reconnect tool that allows hackers to hijack accounts on sites that use Facebook logins. The security expert Security Egor Homakov has developed a hacking tool dubbed Reconnect that exploit a flaw in Facebook to hijack accounts on sites that use Facebook logins. Homakov, with works for […]

Pierluigi Paganini February 19, 2015
Serious flaws allowed the deletion of any comment on Facebook

A young hacker disclosed the details of an attack that by exploiting a couple of flaws in Facebook allowed him to delete any comment on the social network. The 19-year-old hacker Joe Balhis has discovered the way to delete any comment on Facebook by leveraging a session validation flaw and a cross-site request forgery (CSRF) vulnerability. The expert highlighted that […]

Pierluigi Paganini January 21, 2015
Ubuntu patched several security vulnerabilities

Ubuntu has released several patches for security vulnerabilities in different versions of the OS, including some CSRF, DoS and remote code execution flaws. Ubuntu has patched several security vulnerabilities that affect different OSs, some of them are affecting Thunderbird client included in Ubuntu release and could be exploited to remotely run arbitrary code. Thunderbird is a popular Mozilla […]

Pierluigi Paganini December 08, 2014
93 percent of Government Chinese websites are vulnerable

A report issued by the China Software Testing Center revealed that 93 percent of Chinese websites are vulnerable to cyber attacks. Nearly 93 percent of 1,000 Chinese government websites under evaluation is affected by vulnerabilities and other security issues. The data is part of a study conducted by the China Software Testing Center under the Chinese […]

Pierluigi Paganini August 17, 2014
Critical flaw in Fiverr.com potentially exposes millions accounts

A CSRF (Cross-site request forgery) vulnerability affects the Fiverr.com website, millions users are potentially at risk. The Egyptian Information Security Evangelist, Mohamed Abdelbaset, reported to the colleagues of The Hacker News a serious CSRF (Cross-site request forgery) vulnerability on the popular Fiverr website. The Fiverr.com website is a marketplace where people offers their services for five dollars per […]