India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks (Security News, August 2021)
Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform.
The vulnerability was a stored cross-site scripting flaw in Koo's web application: attacker-supplied script could be saved by the application as post content and then served, unescaped, to every user who viewed it.
To carry out the attack, all a malicious actor had to do was log into the service via the web application and post an XSS-encoded payload to its timeline, which automatically gets executed on behalf of all users who saw the post.
The issue was discovered by security researcher Rahul Kankrale in July, following which a fix was rolled out by Koo on July 3.
The end result of such a vulnerability, an XSS worm, is more worrisome because the malicious code propagates among a website's visitors on its own, infecting other users without any user interaction, like a chain reaction.
Koo, which launched in November 2019, bills itself as an Indian alternative to Twitter and boasts of 6 million active users on its platform.