Security Alerts & News
by Tymoteusz A. Góral

History
#2151 New attack XSSJacking combines clickjacking, pastejacking, and SelfXSS
Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.

Ayrey says XSSJacking can help attackers reach sensitive information for which they would normally need a more complex security flaw, such as a stored XSS (Cross-Site Scripting) or CSRF (Cross-Site Request Forgery), issues which most websites tend to fix when reported.

The attack is not fully automated, as it still relies on social engineering, which is why many of today's security bug bounty programs won't even consider it a security flaw, Ayrey told Bleeping Computer in an email.
#2155 Massive uproar on alleged Windows 10 built-in ‘keylogger’ feature
#2154 Strengthening the Microsoft Edge sandbox
#2153 SmartTV hacking - Oneconsult talk at EBU Media Cyber Security seminar (VIDEO)
#2152 GiftGhostBot attacks ecommerce gift card systems across major online retailers
#2150 Symantec backs its CA