WHO COVID-19 Mobile App: Probably unexploitable XSS via Header Injection

Summary: The Who-Platform header is reflected in the output of the page if it's not one of the recognized Who-Platform values IOS, ANDROID, WEB. While this is probably no longer exploitable as of 2015, it may be exploitable on less well implemented browsers not Chrome/Firefox/Edge. In general,...

Malware in Ad-Based Images Targets Mac Users

A massive adware campaign has so far impacted up to a million Mac users, using a tricky steganography technique to hide malware in image files. Researchers at Confiant and Malwarebytes said the attacks have been running since Jan. 11, using ads on the web and steganography to spread; steganograph...