    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from the Vodafone website and send them to a server. An attacker can then take over the session of the logged-in Vodafone customer.

    Hackers Could Execute The Code Of The Website

    This is extremely dangerous because the browser executes the code in the context of the vulnerable website and thus gives it access to all of the website’s resources. The code can manipulate the website in any way and can eavesdrop on keystrokes. A keylogger that spies on Vodafone customers as they enter their password would be conceivable. It is also possible to exploit security gaps in browsers and to spread malware. Often, these attacks target the victim’s session cookies: the code can use the document object to retrieve all cookies that the browser has stored for the vulnerable website.

    Vodafone

    In the case of Vodafone, it would most likely have been possible to view data and invoices and even set up call diversion. This is a common method of making quick money: attackers divert numbers to expensive premium numbers and earn money from the connection costs. The victims often notice the fraud only with the next phone bill, which is very high. The customer’s mail is also attached to the Vodafone account, so taking over additional accounts would have been conceivable. To do this, the attacker would only have to trigger the forgotten-password function on another service that the Vodafone customer uses.

    No security policies were active on the website at the time of going to press. Apparently, the company is optimistic that in future it will reliably catch code that has been smuggled in from the outside before it is executed. The provider adds that the company does not have any indications of abuse of this closed vulnerability. Why the vulnerability in this prominent part of the website was closed only several weeks after it became known remains unclear.
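The defenses that bear on the cookie theft described above can be checked from a site's response headers. The following is an added example, not code from the article or from Vodafone; it assumes that "security policies" refers to headers such as Content-Security-Policy, and the function names and sample header values are constructed for illustration.

```javascript
// Added example: audit response headers for the defenses discussed above.
// Header values below are constructed samples, not taken from any real site.

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name, flags };
}

function auditHeaders(headers) {
  const findings = [];
  for (const line of headers["set-cookie"] || []) {
    const { name, flags } = parseSetCookie(line);
    // Without HttpOnly, injected script can read the cookie via document.cookie.
    if (!flags.has("httponly")) findings.push(`${name}: missing HttpOnly`);
    if (!flags.has("secure")) findings.push(`${name}: missing Secure`);
    if (!flags.has("samesite")) findings.push(`${name}: missing SameSite`);
  }
  const csp = headers["content-security-policy"];
  if (!csp) {
    findings.push("no Content-Security-Policy header");
  } else {
    // Find the directive that governs scripts (script-src, else default-src).
    const directives = csp.split(";").map((d) => d.trim().split(/\s+/));
    const scripts =
      directives.find((d) => d[0] === "script-src") ||
      directives.find((d) => d[0] === "default-src");
    if (!scripts) findings.push("CSP does not restrict scripts");
    // Conservative: flagged even if a nonce or hash would override it.
    else if (scripts.includes("'unsafe-inline'"))
      findings.push("CSP allows inline scripts ('unsafe-inline')");
  }
  return findings;
}

// Constructed sample responses: a weak one and a hardened one.
const weak = { "set-cookie": ["SESSIONID=abc123; Path=/"] };
const hardened = {
  "set-cookie": ["SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
  "content-security-policy": "default-src 'self'; script-src 'self'",
};

console.log(auditHeaders(weak));
console.log(auditHeaders(hardened)); // []
```

HttpOnly keeps a session cookie out of reach of injected script, but it does not stop the other effects described above, such as page manipulation or keystroke capture; the injection itself still has to be fixed by encoding output.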
