Comment On Facebook Plugin Vulnerability

What makes this particular vulnerability so severe is the attacker’s ability to assume the role of the victim. Through social engineering and creating a “legitimate” story with the brand they assume, the attacker can create all kinds of themes to exploit a user by asking for personal information. As long as an attacker has a method to spin a story, social engineering attacks are always a threat. As such, we will continue to see attempts to directly attack the human element that cause damage for the brand, not just the victim. When vulnerabilities are publicly announced, it is a race between administrators and attackers. This exploitation stresses the need to monitor vulnerabilities in relation to one’s tech stack and applications. If you don’t know it’s vulnerable, you can’t patch it. Potential targets should utilize a Web Application Firewall to help prevent exploits while also staying aware of vulnerabilities when they are released in order to proactively protect themselves.  Read Less