Cross-site Scripting | Breaking Cybersecurity News | The Hacker News

Google on Tuesday launched a Security testing tool "Firing Range" , which aimed at improving the efficiency of automated Web application security scanners by evaluating them with a wide range of cross-site scripting (XSS) and a few other web vulnerabilities seen in the wild. Firing Range basically provides a synthetic testing environment mostly for cross-site scripting (XSS) vulnerabilities that are seen most frequently in web apps. According to Google security engineer Claudio Criscione, 70 percent of the bugs in Google's Vulnerability Reward Program are cross-site scripting flaws . In addition to XSS vulnerabilities , the new web app scanner also scans for other types of vulnerabilities including reverse clickjacking , Flash injection , mixed content, and cross-origin resource sharing vulnerabilities. Firing Range was developed by Google with the help of security researchers at Politecnico di Milano in an effort to build a test ground for automated scanners

After a week delay, Adobe has finally pushed out critical security updates for its frequently-attacked Reader and Acrobat PDF software packages to patch serious vulnerabilities that could lead to computers being compromised. The new versions of Adobe Reader and Acrobat released Tuesday for both Windows and Macintosh computers address eight vulnerabilities, five of which could allow for remote code execution . The remaining three vulnerabilities involve a sandbox bypass vulnerability that can be exploited to escalate an attacker's privileges on Windows, a denial-of-service (DoS) vulnerability related to memory corruption, and a cross-site scripting (XSS) flaw that only affects the programs on the Mac platform. According to Adobe's advisory , applying the patches will involve a system restart. The affected versions are: Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh Adobe Reade

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible. Not by serving fake post, neither by providing malicious video link, instead this time scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers. This malicious code could allow an attacker to gain access to victims' accounts, thereby using it for fraud, to send spams, and promoting further attacks by posting the scam on timeline to victims' friends. This technique is known as Self Cross-site Scripting or Self XSS. Self-XSS (Self Cross-Site Scripting) scam is a combination of social engineering and a browser vulnerability , basically designed to trick Facebook users' into providing access to their account. Once an attacker or scammer gets access to users' Facebook account, they can even post and comment on things on users' behalf.