wang | Breaking Cybersecurity News | The Hacker News

Thamatam Deepak (Mr.47™) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross site scripting is very common web application vulnerability, Yesterday our security researcher, Christy Philip Mathew reported about multiple xss in official latest versions of cPanel and WHM . As reported by Whitehat hacker Deepak, there are multiple xss in HTC website, that allow an attacker

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel . A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm , an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam. This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. " We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers ," Akhavan said. The sophisticated worm spreads via USB drives and through four previously