Security News

Mildly Interesting Security Stuff: Magento Bug Bounty 1 2: CSRF to code execution and Post-auth RCE via object injection (Reddit)
2015-08-18 13:09

Predictable CSRF tokens in Hak5 WiFi Pineapple firmware lt; 2.3.0 (CVE-2015-4624) (Reddit)
2015-08-14 13:08

TotoLink Routers Plagued By XSS, CSRF, RCE Bugs (Threatpost)
2015-07-16 16:53

A slew of routers manufactured in China are fraught with vulnerabilities, some which have existed in products for as long as six years.

XZERES Fixes CSRF Vulnerability in Small Wind Turbine (SecurityWeek)
2015-06-08 17:11

Researcher Finds CSRF Bug in Wind Turbine Software (Threatpost)
2015-06-08 14:45

Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be...

Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings (Threatpost)
2015-05-26 15:05

French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.

Protect ASP.NET Applications Against CSRF Attacks -- Visual Studio Magazine (Reddit)
2015-05-14 08:10

XSS, CSRF Vulnerabilities identitified in WSO2 Identity Server (Threatpost)
2015-05-13 18:45

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks.

Protecting ASP.NET Applications Against CSRF Attacks (Reddit)
2015-04-10 07:55

CSRF Token Protection Bypass Methods (Reddit)
2015-03-01 02:19