ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES
February 15, 2020 9:24 AM

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent | #CyberSecurity 


Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable to attack. 

The GDPR Cookie Consent plugin, offered by developer Cookie Law Info through WebToffee, has been designed to help ensure websites are compliant with the EU's General Data Protection Regulation (GDPR); specifically, obtaining consent for cookies from visitors, the creation of a Privacy & Cookies Policy page and the enablement of banners showing compliance.

The plugin accounts for over 700,000 active installs according to the WordPress library. 

On January 28, NinTechNet researcher Jerome Bruandet discovered a vulnerability affecting GDPR Cookie Consent version 1.8.2 and below.

 

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress

https://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?&tag=Cybersecurity

 

 

Scooped by Gust MEES
February 3, 2015 8:21 AM

Over 99 percent of About.com links vulnerable to XSS, XFS iframe attack | CyberSecurity


About.com has a huge security problem, but it's likely worse for the over 98 million monthly visitors to the About Group's various topic-specific subdomains.

A security researcher disclosed Monday that "at least 99.88%" of all topic links and all domains related to About.com are vulnerable to open XSS (Cross Site Scripting) and Iframe Injection (Cross Frame Scripting, XFS) attacks.

According to the researcher's findings and proof-of-concept results, all subdomains of About.com are affected.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=iFrame-Injection


http://www.scoop.it/t/securite-pc-et-internet/?tag=XSS


Rescooped by Gust MEES from 21st Century Learning and Teaching
May 1, 2013 10:16 AM

XSS Cheat Sheet: Prevent Cross Site Scripting Attacks, Injections [Infographic]

Cross Site Scripting Tutorial: Learn how to identify and prevent attacks. Download a FREE cheat sheet. See how Veracode protects against XSS Injection.
Gust MEES's insight:

 

Learn more:

http://www.scoop.it/t/securite-pc-et-internet?tag=Infographic

http://www.scoop.it/t/21st-century-learning-and-teaching?tag=Infographic

 

Scooped by Gust MEES
January 30, 2013 5:38 PM

Cross-site scripting attacks up 160%


Each quarter, FireHost reports on the Superfecta – a group of four cyberattacks that are the most dangerous – and warns that both Cross-Site Scripting and SQL Injection attacks have become even more prevalent since the third quarter of 2012.

The four attack types which make up the Superfecta, and which pose the most serious threat to the private information hosted in your database are Cross-site Scripting (XSS), Directory Traversal, SQL Injection, and Cross-site Request Forgery (CSRF).


Gust MEES's insight:

                     ===> BEWARE of the MALWARE!!! <===

 

Rescooped by Gust MEES from 21st Century Learning and Teaching
October 22, 2012 11:00 AM

Learning basics of Cyber-Security: What kind of Cyber-Attacks? Analysis of 15 million cyber attacks


 

FireHost announced the findings of its latest web application attack report, which provides statistical analysis of the 15 million cyber attacks blocked by its servers in the US and Europe during Q3 2012. The report looks at attacks on the web applications, databases and websites of FireHost’s customers between July and September, and offers an impression of the current internet security climate as a whole.

 

XSS is now the most common attack type in the Superfecta, with CSRF now in second. FireHost’s servers blocked more than one million XSS attacks during this period alone, a figure which rose 69 percent, from 603,016 separate attacks in Q2 to 1,018,817 in Q3. CSRF attacks reached second place on the Superfecta at 843,517.

 

Read more, a MUST:

http://www.net-security.org/secworld.php?id=13809

 

Scooped by Gust MEES
September 18, 2018 12:51 PM

CERTFR-2018-AVI-441: Multiple vulnerabilities in Moodle (17 September 2018) | #CyberSecurity #XSS

Monday, 17 September 2018

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS).

 

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=MOODLE

https://www.scoop.it/t/securite-pc-et-internet/?&tag=XSS

 

Scooped by Gust MEES
February 3, 2015 6:01 AM

Malware gateway in Internet Explorer | CyberSecurity

Internet Explorer 11 on Windows 7 and 8.1 has a security vulnerability that allows cross-site scripting. Among other things, this is said to make it possible to bypass the browser's security features.
Internet Explorer contains a major unpatched vulnerability that allows attackers to execute arbitrary malicious code from an (untrusted) external domain on a web page of another (trusted) domain. At least Windows 7 and 8.1 with Internet Explorer 11 are affected.
Rescooped by Gust MEES from WordPress and Annotum for Education, Science,Journal Publishing
March 25, 2013 3:58 PM

XSS Flaw in WordPress Plugin Allows Injection of Malicious Code

A security vulnerability in the WP Banners Lite plugin for WordPress sites allows an attacker to inject malicious HTML or JavaScript code.

Via Gust MEES
Gust MEES's insight:

 

Check also:

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=Cybersecurity

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing

 

Scooped by Gust MEES
November 16, 2012 6:31 PM

Active XSS flaw discovered on Ebay

According to XSSed, Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com.

 

Read more, a MUST:

http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/

 
