Tag: IFTTT
-
Stealing Facebook access_tokens using CSRF in device login flow via /r/netsec
Stealing Facebook access_tokens using CSRF in device login flow http://ift.tt/29R7x31 Submitted July 19, 2016 at 02:44PM by josipfranjkovic via reddit http://ift.tt/2a8RCtA
-
Client-Side Redis Attack PoC via /r/netsec
Client-Side Redis Attack PoC http://ift.tt/29KFq0K Submitted July 18, 2016 at 09:47PM by netsecthrowaway412 via reddit http://ift.tt/29LMxFj
-
Google Removes Suite of Chrome Extensions That Hijacked Facebook Accounts
Google Removes Suite of Chrome Extensions That Hijacked Facebook Accounts http://ift.tt/2a8xS9x Maxime Kjaer, a 19-year-old Danish student, has uncovered a set of Google Chrome extensions that were hijacking Facebook accounts but were capable of many more malicious actions. Crooks were distributing these extensions via Facebook posts for all sorts of cheesy and raunchy viral content.…
-
Bypassing Gmail’s malicious attachment filter with “one weird trick” via /r/netsec
Bypassing Gmail’s malicious attachment filter with “one weird trick” http://ift.tt/29TQzQi Submitted July 19, 2016 at 01:38PM by benichmt1 via reddit http://ift.tt/29Sexrd
-
[JSFuck fork] jsf$ck – Write any JavaScript without parenthesis, with only 8 characters: +![]{}$` via /r/netsec
[JSFuck fork] jsf$ck – Write any JavaScript without parenthesis, with only 8 characters: +![]{}$` http://ift.tt/29LsA1B Submitted July 19, 2016 at 11:55AM by Centime via reddit http://ift.tt/2a4MF6G
-
Shell No! Introducing Cknife, China Chopper’s Sibling (Part 2)
In part one of our web shell series we analyzed recent trends, code bases, and explored defensive mitigations. In part two we investigate a new web shell created by Chinese-speaking actors. On March 26, 2016, Recorded Future’s natural language processing (NLP) engine produced an alert for Cknife. Recorded Future alert showing Cknife reference. Background A…
-
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) via /r/netsec
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) http://ift.tt/29VgU0k Submitted July 19, 2016 at 10:41AM by theflofly via reddit http://ift.tt/29RSzEE
-
Fresh Ransomware ‘Stampado’ Priced Just $39, Spreads Fear
Fresh Ransomware ‘Stampado’ Priced Just $39, Spreads Fear http://ift.tt/2a8lYwp A completely new ransomware called Stampado, which comes rather cheap, is being traded on underground forums. According to cyber-security firm Heimdal Security, it functions like CryptoLocker but contains some additional tricks; for example, it does not require administrative rights to infect computers. Threat Intel via CERT-EU…
-
Facebook CEO Password dadada hacked
Facebook CEO Password dadada hacked http://ift.tt/29Kl9by If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account! If this got Mark Zuckerberg’s (Facebook’s […] Threat Intel via CERT-EU : EMM AlertFilter System: CERT-LatestNews http://ift.tt/1gYYfLb July 19, 2016 at 03:48AM
-
Polish telecom suffers major data breach following hack
Polish telecom suffers major data breach following hack http://ift.tt/29IJLoU Customer data including bank details entered on web forms lost in major data breach at Polish telecom operator. Threat Intel via CERT-EU : EMM AlertFilter System: CERT-LatestNews http://ift.tt/1gYYfLb July 19, 2016 at 03:48AM