Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.
Threat actor steals email with Zimbra zero-day
Researchers have uncovered a targeted phishing campaign exploiting an XSS zero-day vulnerability in the Zimbra email platform.
Vulnerable WordPress plugin leaves online shoppers vulnerable
The popular WooCommerce Dynamic Pricing and Discounts plugin lets anyone inject malicious code.
A week in security (August 23 – August 29)
A round-up of the most interesting blog posts and security news happenings for the week of August 23 to August 29.
Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court
This week on Lock and Code, we talk to Jamie Court, president of Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month.
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection.
How to harden AdwCleaner’s web backend using PHP
More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP is used to develop…