CSRF

Pierluigi Paganini November 23, 2020
TikTok fixed security issues that could have led one-click account takeover

TikTok has addressed a couple of security issues that could have been chained to led account takeover.  The first issue addressed by the social media platform is a reflected XSS security flaw that has been reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affected the company […]

Pierluigi Paganini June 18, 2020
Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code. The CVE-2020-13664 flaw affects both […]

Pierluigi Paganini May 01, 2020
Over 800K WordPress sites are at risk due to a flaw in Ninja Forms plugin

The development team oh the Ninja Forms WordPress plugin fixed a high severity security flaw that can let attackers take over websites. The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin […]

Pierluigi Paganini January 30, 2020
Over 200K WordPress sites potentially exposed to hack due to Code Snippets flaw

Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin. A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin. The […]

Pierluigi Paganini July 14, 2019
For nearly a year, Brazilian users have been targeted with router attacks

Brazilian users have been targeted by a large number of router attacks aimed at modifying the configuration of their routers for malicious purposes. This year, security experts at Avast have blocked more than 4.6 million cross-site request forgery (CSRF) attempts carried out by crooks to execute commands without the users’ knowledge. The campaign uncovered by […]

Pierluigi Paganini March 14, 2019
CSRF flaw in WordPress potentially allowed the hack of websites

Security researcher Simon Scannell from RIPS Technologies, has discovered a new CSRF vulnerability in WordPress, that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default, the issue affects all WordPress versions prior to version 5.1.1. […]

Pierluigi Paganini February 17, 2019
Facebook paid $25,000 for CSRF exploit that leads to Account Takeover

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link. The white hat hacker who goes online with the moniker “Samm0uda” discovered a critical CSRF vulnerability in Facebook and the social network giant paid a […]

Pierluigi Paganini November 14, 2018
Facebook flaw could have exposed private info of users and their friends

Security experts from Imperva reported a new Facebook flaw that could have exposed private info of users and their friends A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts. The recently discovered issue raises once again […]

Pierluigi Paganini April 29, 2018
Firefox 60 supports Same-Site Cookies to prevent CSRF attacks

This week Mozilla announced that the upcoming Firefox 60 version will implement a new Cross-Site Request Forgery (CSRF) protection by introducing support for the same-site cookie attribute. An attacker can launch a CSRF attack to perform unauthorized activities on a website on behalf of authenticated users, this is possible by tricking victims into visiting a specially crafted webpage. “Cross-Site […]

Pierluigi Paganini April 08, 2018
Auth0 authentication bypass issue exposed enterprises to hack

Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that exposed enterprises to hack. Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application which are using it for authentication. Auth0 implements a token-based authentication model for a […]