Anti-virus vendor trio plug website flaws

White-hat hackers have uncovered vulnerabilities on the websites of anti-virus firms that created a phishing risk.

Cross-site scripting (XSS) bugs of varying severity were found on the websites of Symantec, Eset and Panda Security by Team Elite, the white-hat hackers who discovered the flaws. We notified all three firms of the issue and all three responded by plugging the flaws in good time.

Coding errors that give rise to cross-site scripting flaws are endemic in web development. This class of vulnerability might, for example, allow a hacker to present content from third-party sites (pop-ups, malicious scripts etc.) as if it came from a site a surfer was trying to visit and that site alone. As such these flaws are very handy for phishing attacks that attempt to trick the unwary into handing over their credentials to untrusted sites.

A XSS flaw on Twitter's website was exploited by the infamous onMouseover worm last month, a point security firms were jumping over themselves to comment on. The XSS flaws on anti-virus firms websites were not exploited and no harm was done.

Read more -here-

• Google, Meta, Apple receive FCC approval to tap into airwaves for VR and AR
• State-sponsored hackers are leveraging WinRAR bug
• Amazon launches drug delivery by drone
• Unpatched Zero-Day being exploited in the wild, Cisco warns
• Apple plans to update iPhones in-store without opening the boxes
• Microsoft just bought Activision Blizzard for $69 billion