AliExpress | Breaking Cybersecurity News | The Hacker News

Alibaba Group has patched a major security vulnerability in one of its e-commerce portals that exposed account details of tens of millions of Merchants and shoppers to cyber criminals. An Israeli application security firm, AppSec Labs, found a Cross site scripting (XSS) vulnerability in AliExpress, the company's English language e-commerce site that was found vulnerable to similar flaw a week ago that compromised personal information of Alibaba customers. The flaw was fixed shortly after Cybermoon security firm disclosed it to Alibaba. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, also known as Google of China. The company serves more than 300 Million active users from more than 200 countries including the U.S., Russia and Brazil. But the critical vulnerability found by the researcher could allow an attacker to hijack merchant's account. Using AliExpress XSS vulnerability an attacker can inject any malicious payload script as v...

A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide. The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com , which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices. Amitay Dan , an Israeli application security researcher working at Cybermoon.cc, reported the vulnerability to The Hacker News after providing full disclosure of the flaw to the AliExpress team and Israeli media. According to the Proof-of-Concept video and screenshots provided by the security researcher to The Hacker News , AliExpress website allows logged in user to add...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...