Comment: Open Source Assessment Platform Riddled With XSS Flaws

It has been reported that security researchers have uncovered multiple XSS vulnerabilities in TAO, an open source assessment platform. Researchers discovered the ‘medium’ severity vulnerabilities after examining the community edition of TAO, an employee training and assessment tool.

White House Phishing Scam – Expert Comments

Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams. In phishing emails discovered by an email security firm called Inky, threat actors impersonate the White House, purporting to send out Coronavirus guidelines on behalf of President Trump. These emails state […]

To Avoid Magecart Attacks, Visa Urges Merchants To Migrate To Magento 2.X – Expert Advice

To avoid exposing their stores to Magecart attacks and to remain PCI compliant, Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020.

Minimising The Threat From Sophisticated Cyber Attacks

Today, cybercriminals have the capacity and resources to carry out mass-targeted attacks that can inflict a great deal of destruction on an organisation. With these sophisticated skills and a growing number of solutions available to them, it is possible for criminals to create ransomware as a service, to ‘spin up’ email servers and blast out […]

Expert Insight On RigUp Exposes More Than 70,000 Private Files

It has been reported that, led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients. RigUp, founded in 2014, is a labor marketplace and services provider built for the US energy […]

Experts On Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates

Dark Reading recently wrote about cybercriminals increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from an attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were […]

Fake BBC Twitter Account Removed After Spreading Fake News

The BBC and Twitter moved quickly yesterday to remove a fake account impersonating the corporation’s Breaking News Twitter page, but not before it had managed to spread an untrue story about the health of UK Prime Minister Boris Johnson. The fake post was picked up by a prominent TV channel in Pakistan, which is aired […]