CSRF

Pierluigi Paganini March 11, 2015
Reconnect tool for hacking Facebook is publicly available

The security expert Egor Homakov of the firm Sakurity has released the Reconnect tool, which allows hackers to hijack accounts on sites that use Facebook logins. Egor Homakov has developed a hacking tool dubbed Reconnect that exploits a flaw in Facebook to hijack accounts on sites that use Facebook logins. Homakov, who works for […]

Pierluigi Paganini February 27, 2015
Pharming attacks exploit default passwords to hack routers

Experts at Proofpoint uncovered a pharming attack that uses phishing to exploit router vulnerabilities and carry out malicious activities. Security firm Proofpoint revealed that its experts recently detected a spam campaign targeting organizations and primarily Brazilian Internet users. The spam campaign implements a very effective technique to spy on a victim’s Web traffic. The particularity of this […]

Pierluigi Paganini February 19, 2015
Serious flaws allowed the deletion of any comment on Facebook

A young hacker disclosed the details of an attack that, by exploiting a couple of flaws in Facebook, allowed him to delete any comment on the social network. The 19-year-old hacker Joe Balhis has discovered a way to delete any comment on Facebook by leveraging a session validation flaw and a cross-site request forgery (CSRF) vulnerability. The expert highlighted that […]

Pierluigi Paganini January 20, 2015
GoDaddy fixed a CSRF flaw that allows Domain takeover

A security expert discovered a cross-site request forgery (CSRF) flaw that could be used to take over domains registered with GoDaddy; the company has already fixed it. The security engineer Dylan Saccomanni discovered a critical cross-site request forgery (CSRF) vulnerability in the GoDaddy domain management console that could be exploited by attackers to take over domains. The vulnerability was discovered on January 17 […]

Pierluigi Paganini December 15, 2014
Fixed a critical flaw in Blogger that allows to write posts on any blog

A security expert discovered a critical CSRF vulnerability in Blogger.com that allows an attacker to write posts in any blog hosted on the popular platform. The Egyptian security expert Mazen Gamal Mesbah (@MazenGamal) has discovered a critical CSRF (Cross-site request forgery) vulnerability in the free weblog publishing tool Blogger.com. The vulnerability could be exploited by an attacker to write posts […]

Pierluigi Paganini December 03, 2014
Hacking PayPal Account with a single exploit

An Egyptian hacker demonstrated that it is possible to take control of any PayPal account with a single exploit, due to the presence of a series of flaws. The Egyptian security researcher Yasser H. Ali has reported three critical vulnerabilities in the PayPal website that could be exploited by an attacker to compromise users’ accounts. The vulnerabilities include a CSRF and an Authentication token […]

Pierluigi Paganini September 20, 2014
Avira – Critical CSRF flaw Vulnerability puts millions users at risk

An Egyptian bug hunter discovered that the Avira website is affected by a CSRF flaw that allows attackers to hijack users’ accounts and access their online backup. What would you think if I told you that an antivirus could represent a menace to your system? Antivirus, like any other kind of software, could be exploited by threat […]

Pierluigi Paganini September 19, 2014
Schneider ClearSCADA platform affected by different security flaws

ICS-CERT issued a security advisory on vulnerabilities in a variety of Schneider Electric StruxureWare SCADA Expert ClearSCADA versions. According to a recent advisory issued by ICS-CERT (ICSA-14-259-01), several Schneider Electric StruxureWare SCADA Expert ClearSCADA versions are affected by different vulnerabilities. The independent researcher Aditya Sood has discovered a weak hashing algorithm and CSRF vulnerability in […]

Pierluigi Paganini September 16, 2014
A critical flaw in Twitter allows to delete payment cards from any account

An Egyptian security researcher has discovered a critical flaw in the Twitter platform that allows an attacker to delete credit cards from any Twitter account. The Egyptian security researcher Ahmed Mohamed Hassan Aboul-Ela has discovered a critical vulnerability in Twitter’s advertising service that allowed an attacker to delete credit cards from any Twitter account. Ahmed Mohamed Hassan Aboul-Ela […]

Pierluigi Paganini August 17, 2014
Critical flaw in Fiverr.com potentially exposes millions accounts

A CSRF (Cross-site request forgery) vulnerability affects the Fiverr.com website; millions of users are potentially at risk. The Egyptian Information Security Evangelist, Mohamed Abdelbaset, reported to the colleagues of The Hacker News a serious CSRF (Cross-site request forgery) vulnerability on the popular Fiverr website. The Fiverr.com website is a marketplace where people offer their services for five dollars per […]