If you are using Ruby to develop applications, run the latest update of Acunetix to make sure that you are safe. A very popular Rails gem bootstrap-sass was recently compromised. A malicious version of the package (3.2.0.3) was available in the official RubyGems repository for several…
Author Archives Tomasz Andrzej Nidecki
THE AUTHOR
Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Principal Cybersecurity Writer
Mutation XSS in Google Search
Are you sure that your website is safe from Cross-site Scripting if Google Search was not for five months? On September 26, 2018, one of the developers working on the open-source Closure library (originally created by Google and used in Google Search) created a commit…
All about Man-in-the-Middle Attacks
In a man-in-the-middle attack (MITM), a black hat hacker takes a position between two victims who are communicating with one another. In this spot, the attacker relays all communication, can listen to it, and even modify it. Imagine that Alice and Barbara talk to one…
GIF Buffer Content Exposed by Facebook Messenger
The saying one man’s trash is another man’s treasure applies to IT security as well. There are several types of attacks, such as buffer overflow, that rely on accessing leftover memory content. For example, this is exactly what the infamous Heartbleed bug in OpenSSL was…
Remote Code Execution Possible in Drupal
On February 19, Drupal released a security advisory PSA-2019-02-19 (further amended by PSA-2019-02-22). The advisory contains information about a critical security flaw in Drupal 8.5 and 8.6 core. This flaw, classified as CVE-2019-6340, can be used for remote code execution (code injection). An exploit for…
DOM XSS: An Explanation of DOM-based Cross-site Scripting
DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization. The attacker can manipulate this data to include XSS content on the web page, for example,…
Critical CSRF Vulnerability on Facebook
A security researcher Youssef Sammouda (Samm0uda) recently discovered a critical CSRF (Cross-site Request Forgery) security vulnerability on Facebook. This security issue could have been used to take over any Facebook user account. Samm0uda reported the bug on January 26 and Facebook fixed it just 5…