Security Alerts & News
by Tymoteusz A. Góral

#1522 Google tackles XSS scripting flaws with new developer tools
Google has released two new tools for developers looking to protect web domains against XSS scripting security flaws.

Cross-site scripting (XSS) is a common security issue web developers face today. The attack, which relies on vulnerabilities which allow the injection of malicious codes into trusted websites and applications, can lead to malvertising campaigns, watering hole attacks, and drive-by attacks which do not need victims, visiting a trusted site, to do anything more than open a page.

Content Security Policy (CSP) is often the answer for web developers to stay clear of such attacks. CSP, support by all major browsers, can be used to restrict programming input and scripts and prevent them executing, even if attackers are able to inject malicious code into vulnerable web pages.
Read more
#1523 Mamba ransomware strikes at your whole disk, not just your files
#1522 Google tackles XSS scripting flaws with new developer tools
#1521 Record-breaking DDoS reportedly delivered by >145k hacked cameras
#1520 Europol warns of Android tap-and-go thefts
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12