24th March 2017 By Catalin Cimpanu
Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.
Ayrey says XSSJacking can help attackers reach sensitive information for which they would normally need a more complex security flaw, such as a stored XSS (Cross-Site Scripting) or CSRF (Cross-Site Request Forgery), issues which most websites tend to fix when reported.
The attack is not fully-automated, as it still relies on social engineering, a reason why many of today’s security bug bounty programs won’t even consider it as a security flaw, Ayrey told Bleeping Computer in an email.
Full Article
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico