ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent | #CyberSecurity

Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable to attack. 

The GDPR Cookie Consent plugin, offered by developer Cookie Law Info through WebToffee, has been designed to help ensure websites are compliant with the EU's General Data Protection Regulation (GDPR); specifically, obtaining consent for cookies from visitors, the creation of a Privacy & Cookies Policy page and the enablement of banners showing compliance.

The plugin accounts for over 700,000 active installs according to the WordPress library. 

On January 28, NinTechNet researcher Jerome Bruandet discovered a vulnerability affecting GDPR Cookie Consent version 1.8.2 and below.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress

 

https://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?&tag=Cybersecurity

 

 

Scooped by Gust MEES

Over 99 percent of About.com links vulnerable to XSS, XFS iframe attack | CyberSecurity

About.com has a huge security problem, but it's likely worse for the over 98 million monthly visitors to the About Group's various topic-specific subdomains.

A security researcher disclosed Monday that "at least 99.88%" of all topic links and all domains related to About.com are vulnerable to open XSS (Cross Site Scripting) and Iframe Injection (Cross Frame Scripting, XFS) attacks.

According to the researcher's findings and proof-of-concept results, all subdomains of About.com are affected.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=iFrame-Injection


http://www.scoop.it/t/securite-pc-et-internet/?tag=XSS


Scooped by Gust MEES

XSS vulnerabilities found on TripAdvisor and Uber websites

A security researcher has uncovered four cross-site scripting (XSS) vulnerabilities on travel site TripAdvisor, a day after an XSS vulnerability was found on the website of private car service Uber, according to posts on xssposed.org.

Rescooped by Gust MEES from WordPress and Annotum for Education, Science,Journal Publishing

XSS Flaw in WordPress Plugin Allows Injection of Malicious Code

A security vulnerability in the WP Banners Lite plugin for WordPress sites allows an attacker to inject malicious HTML or JavaScript code.

Via Gust MEES
Gust MEES's insight:

 

Check also:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=Cybersecurity

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing

 

Scooped by Gust MEES

Active XSS flaw discovered on Ebay

According to XSSed, Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com.

 

Read more, a MUST:

http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/

 

Rescooped by Gust MEES from Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

Apple plugs staggering number of holes in Safari browser

Apple has released an update to its Safari browser, version 6, that plugs 121 security holes, most of which involve the WebKit rendering engine.

 

The Safari update fixes a staggering 121 vulnerabilities, 117 of those flaws in WebKit, a browser engine designed to render HTML webpages. Most of the WebKit vulnerabilities could result in an unexpected application termination or arbitrary code execution if the user visits a maliciously created website, according to the security update.

 

Apple also patched two issues with the handling of feed:// URLs – one is a cross-site scripting vulnerability that could be exploited if a user visited a maliciously crafted site, and the other is an access control issue that could be exploited to send files from a user’s system to a remote server.

 

Another Safari fix resolves a problem in which passwords may autocomplete even when the site specifies that autocomplete should be disabled.

 

Read more:

http://www.infosecurity-magazine.com/view/27219/apple-plugs-staggering-number-of-holes-in-safari-browser/?utm_source=twitterfeed&utm_medium=twitter

 

 

Scooped by Gust MEES

CERTFR-2018-AVI-441: Multiple vulnerabilities in Moodle (17 September 2018) | #CyberSecurity #XSS

Monday, 17 September 2018

CERTFR-2018-AVI-441: Multiple vulnerabilities in Moodle (17 September 2018)
Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS).

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=MOODLE

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=XSS

 

Scooped by Gust MEES

Malware gateway in Internet Explorer | CyberSecurity

Internet Explorer 11 on Windows 7 and 8.1 has a security vulnerability that allows cross-site scripting. Among other things, this is said to make it possible to bypass the browser's security features.
There is a major unpatched vulnerability in Internet Explorer that allows attackers to execute arbitrary malicious code from an (untrusted) external domain on a web page of another (trusted) domain. At least Windows 7 and 8.1 with Internet Explorer 11 are affected.
Rescooped by Gust MEES from 21st Century Learning and Teaching

XSS Cheat Sheet: Prevent Cross Site Scripting Attacks, Injections [Infographic]

Cross Site Scripting Tutorial: Learn how to identify and prevent attacks. Download a FREE cheat sheet. See how Veracode protects against XSS Injection.
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet?tag=Infographic

 

http://www.scoop.it/t/21st-century-learning-and-teaching?tag=Infographic

 

Scooped by Gust MEES

Cross-site scripting attacks up 160%

Each quarter, FireHost reports on the Superfecta – a group of four cyberattacks that are the most dangerous – and warns that both Cross-Site Scripting and SQL Injection attacks have become even more prevalent since the third quarter of 2012.

The four attack types which make up the Superfecta, and which pose the most serious threat to the private information hosted in your database are Cross-site Scripting (XSS), Directory Traversal, SQL Injection, and Cross-site Request Forgery (CSRF).


Gust MEES's insight:

                     ===> BEWARE of the MALWARE!!! <===

 

Rescooped by Gust MEES from 21st Century Learning and Teaching

Learning basics of Cyber-Security: What kind of Cyber-Attacks? Analysis of 15 million cyber attacks

Learning basics of Cyber-Security: What kind of Cyber-Attacks?

 

FireHost announced the findings of its latest web application attack report, which provides statistical analysis of the 15 million cyber attacks blocked by its servers in the US and Europe during Q3 2012. The report looks at attacks on the web applications, databases and websites of FireHost’s customers between July and September, and offers an impression of the current internet security climate as a whole.

 

XSS is now the most common attack type in the Superfecta, with CSRF now in second. FireHost’s servers blocked more than one million XSS attacks during this period alone, a figure which rose 69 percent, from 603,016 separate attacks in Q2 to 1,018,817 in Q3. CSRF attacks reached second place on the Superfecta at 843,517.

 

Read more, a MUST:

http://www.net-security.org/secworld.php?id=13809

 
