Daniel Norton · @daniel
97 followers · 587 posts · Server mastodon.danielnorton.comCongrats to the University of Pennsylvania for the greatest number of hacked Google hits via website open redirect.
e.g. https://www.google.com/search?q=site%3Awww.workday.upenn.edu+%22untitled%22
You can put any URL after "http://www.workday.upenn.edu/" and it will redirect there.
See https://cwe.mitre.org/data/definitions/601.html
#cybersecurity #security #privacy #CWE #CWE601 #OpenRedirect #WebSecurity #CrossSiteRedirect #CrossDomainRedirect #UniversityOfPennsylvania
#cybersecurity #security #privacy #cwe #cwe601 #openredirect #websecurity #crosssiteredirect #crossdomainredirect #universityofpennsylvania
tiburoncito · @tiburoncito
28 followers · 351 posts · Server mastodon.social1/ Intersection of #Disinformation and #InfoSec
"The links had another feature that experts said appeared designed to make search engines give prominence to the fake news outlets. They were crafted to piggyback on the URLs of legitimate websites, including those of Stanford University, NASA and the Federal Highway Administration. That was possible because of a security flaw within the websites of the reputable institutions that allows..."
https://www.washingtonpost.com/investigations/interactive/2023/eliminalia-fake-news-misinformation/
#disinformation #infosec #openredirect #openredirects
Patryk Krawaczyński · @agresor
42 followers · 132 posts · Server infosec.exchangeApache 2.4 - o jeden slash od otwartego przekierowania ( https://nfsec.pl/security/6012 ) #apache #httpd #linux #openredirect #phishing #security #twittermigration
#apache #httpd #linux #openredirect #phishing #security #twittermigration
Gonçalo Ribeiro · @goncalor
106 followers · 211 posts · Server infosec.exchangeIt seems #Tiktok has an open redirect being actively abused by attackers.
hxxps://www.tiktok.com/link/v2?aid=1988&lang=fr-FR&scene=bio_url&target=hxxps://berkaodelrortraxion.blogspot.com/
#tiktok #openredirect #phishing #fraud
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Facebook, News and XSS Underpin Complex Browser Locker Attack - A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-sup... https://threatpost.com/facebook-xss-browser-locker/160465/ #crosssitescripting #vulnerabilities #techsupportscam #browserlocker #malwarebytes #openredirect #redirections #websecurity #securitybug #facebook #grupoppe #newssite #peru #xss
#xss #peru #newssite #grupoppe #facebook #securitybug #websecurity #redirections #openredirect #malwarebytes #browserlocker #techsupportscam #vulnerabilities #crosssitescripting