A group of white-hat hackers has discovered various XSS vulnerabilities on websites belonging to three well-known security companies, and have reported it to the firms themselves so that they can fix them them as soon as possible.
"XSS vulnerability is a high level vulnerability which could allow an attacker to steal sensitive data such as login information and other credentials," said one of the members of white-hat Team Elite to The Register. "I've noticed that all three security vendors have fixed the bugs on their websites, which is very positive."
The three security firms in question are Symantec, Eset and Panda Security, and as the group points out, these XSS flaws could easily allow attackers to push their own malicious content to visitors or for executing phishing attacks. XSS flaws basically happen because of errors in coding, but one would think that security firms would be especially careful to avoid things like that on their pages.
Fortunately, it seems these particular flaws have not been misused before the patching, but this instance should be a lesson for us all. And that lesson is - always keep your eyes on the ball.
Source
A Guy
My Computer
At a glance
Windows 10 Home x64INTEL Core i5-750 Quad-Core 3.37GHzHyperX Fury Black Series 8GB (2 x 4GB) 1866MhzEVGA GeForce GTX 750 Superclocked 1GB 128-Bit...
- Computer type
- PC/Desktop
- OS
- Windows 10 Home x64
- CPU
- INTEL Core i5-750 Quad-Core 3.37GHz
- Motherboard
- ASUS P7P55D
- Memory
- HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
- Graphics Card(s)
- EVGA GeForce GTX 750 Superclocked 1GB 128-Bit GDDR5
- Monitor(s) Displays
- LG 32MA68HY 32" IPS
- Screen Resolution
- 1920 x 1080
- Hard Drives
- Samsung 840 Evo 120GB, SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
- PSU
- ANTEC TruePower New TP-550, 80 PLUS, 550W
- Case
- ANTEC Three Hundred Illusion
- Cooling
- COOLER MASTER Hyper 212 Plus, 4 x 120mm 1 x 140mm Noctua's
- Internet Speed
- 85 + Mbps
- Antivirus
- Avast
- Browser
- Vivaldi