XSS

Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities

by Paul Ducklin on May 8, 2012 | 11 Comments

Apple's latest update to iOS just came out.

Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.

25 'VeriSign Trusted' shops found to have XSS holes

by Lisa Vaas on February 28, 2012 | 1 Comment

A grey hat hacker has discovered cross-site scripting (XSS) holes in 25 UK online stores that are certified as safe by the likes of VeriSign, Visa, and MasterCard.

XSS flaw in WordPress 3.3 - How the smallest things make testing tough

by Chester Wisniewski on January 3, 2012 | Leave a comment

Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that only occurs if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Facebook explains pornographic shock spam, hints at browser vulnerability

by Chester Wisniewski on November 16, 2011 | 27 Comments

Facebook has released a statement about the fast spreading offensive messages that have been posted to many users walls. They claim there is a browser vulnerability that allowed users to paste malicious JavaScript into their web browsers and post the offensive messages.

Weibo, China's Twitter-like service, hit by worm

by Graham Cluley on June 30, 2011 | 3 Comments

A worm which broke out on Weibo, exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.

Sony Portugal latest to fall to hackers

by Chester Wisniewski on June 9, 2011 | 2 Comments

Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?

Facebook scam with a difference - Social Tagging Worldwide avoids rogue apps

by Paul Ducklin on April 11, 2011 | 8 Comments

Sick of reading about rogue apps on Facebook? Here's a Facebook scam with a difference.

A "profile viewer" scam under the name Social Tagging Worldwide tricks you via the clipboard, not via the usual rogue app.

September roundup - "90 Second News"

by Paul Ducklin on September 28, 2010 | Leave a comment

Don't just read the latest computer security news - watch it in 90 seconds! This month: when internet access chose the government; Adobe battles another zero-day; Twitter suffers XSS woes; and the Stuxnet malware keeps on making the wrong headlines. Read more…

The names and faces behind the 'onMouseOver' Twitter worm attack

by Graham Cluley on September 22, 2010 | Leave a comment

It's been over 24 hours now since many Twitter users around the world found that their pages had become infested by messages spreading virally across the network. The victims High profile victims of the "onMouseOver" worm included ex-Prime Minister's wife Read more…

XSS

Tags

Categories

Archives by month

Download some free tools

Take a look at our products

Investigate the threats