From XSSed, more eBay cross site scripting problems:
eBay is again XSSed! Scammers can take advantage of these new critical cross-site scripting issues. They can inject JavaScript code to redirect users to eBay phishing scam pages and to display fake auctions. Victims who click on what appears to be a genuine eBay search results link, are also vulnerable to malware infection. [From New XSS flaws within eBay sites | News | XSSed.com]
Also, a zero day attack in Flash, from Search Security:
The widely used Adobe Flash Player has a zero day flaw that is being targeted by a number of attackers who set up more than 200,000 Web pages to exploit the flaw. The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers. Dancho Danchev, security researcher The unspecified remote code-execution vulnerability could be exploited to cause denial of service conditions, according to Symantec, which reported the flaw on Monday. [From Adobe zero day flaw being actively exploited in wild]
Leave a comment