Hijack
-
Blog
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called “DoubleClickjacking” lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The attacks work by overlaying a legitimate webpage in…
Read More » -
Blog
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as user credentials, that can help…
Read More » -
Blog
New Revival Hijack technique leaves 22,000 PyPi projects vulnerable to attacks
Up to 22,000 PyPI packages may be at risk of being hijacked in a newly-developed supply chain attack technique, research reveals. Security researchers at devops specialist JFrog published a blog warning developers about a new attack technique that leverages the ability to re-register popular packages once the original owner removes them from PyPI’s index. Dubbed ‘Revival Hijack’, the technique builds…
Read More »