Tag Archives: XSS

XSS flaw in WordPress 3.3 - How the smallest things make testing tough

Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that occurs only if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Facebook explains pornographic shock spam, hints at browser vulnerability

Facebook has released a statement about the fast-spreading offensive messages that have been posted to many users' walls. They claim there is a browser vulnerability that allowed users to paste malicious JavaScript into their web browsers and post the offensive messages.

Weibo, China's Twitter-like service, hit by worm

A worm that broke out on Weibo exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.

Sony Portugal latest to fall to hackers

Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?

Facebook scam with a difference - Social Tagging Worldwide avoids rogue apps

Sick of reading about rogue apps on Facebook? Here's a Facebook scam with a difference.

A "profile viewer" scam under the name Social Tagging Worldwide tricks you via the clipboard, not via the usual rogue app.

September roundup - "90 Second News"

Don't just read the latest computer security news - watch it in 90 seconds! This month: when internet access chose the government; Adobe battles another zero-day; Twitter suffers XSS woes; and the Stuxnet malware keeps on making the wrong headlines. Read more…

The names and faces behind the 'onMouseOver' Twitter worm attack

It's been over 24 hours now since many Twitter users around the world found that their pages had become infested by messages spreading virally across the network. The victims High profile victims of the "onMouseOver" worm included ex-Prime Minister's wife Read more…

Twitter 'onMouseOver' security flaw widely exploited

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link. In a worrying development, Read more…

The beginning of the end of popup porn, Facebook worms and cross-site phishing?

Visit just about any page on any website - including most of sophos.com - and your browser will suck in content from other sites, too. This third-party content is often sourced using script code, such as JavaScript, in the primary Read more…

Reddit exploited - Shows the world how to respond

Last night it was reported that Reddit had been attacked and malicious JavaScript was disrupting the use of the site. In less than 24 hours, Reddit had not only fixed the issue, but had come clean on how it had Read more…
