Mail.ru: Flash XSS on img.mail.ru

Vulnerable Flash File: http://img.mail.ru/r/video2/playerv2.swf Steps: + Open http://img.mail.ru/r/video2/playerv2.swf?metadataUrl=http://videoapi.my.mail.ru/videos//community/mir/groupvideo/921.json&redirectUrl=%22;alertdocument.domain;catche// + Click on social share and click on anything eg...

Facebook User Error Behind Porn, Mutilation Spam

A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook’s massive network, an independent analysis has shown. The campaign, in which violent and pornographic...

Shocking Winehouse Death Videos Linked to Scams

Scammers wasted little time generating campaigns to exploit the untimely death of troubled pop-diva, Amy Winehouse. Anti malware experts have identified at least five separate scams attempting to exploit the event, promising videos of Winehouse shortly before her death.The scams include Facebook...

Facebook Like-Jacking Going Multi-Lingual

Facebook like-jacking scams are popping up in a wider variety of languages, according to research by Kaspersky Lab. Kaspersky Lab Expert Christian Funk writes on the Securelist blog that Like-jacking scams will expand from an English-only phenomenon, becoming a nuisance to speakers of all the...

Facebook 'Like-jacking' Scams Expand

Facebook attacks that force users to unwittingly endorse scam pages keep spreading, researchers say. Attacks have now circulated that cause users to recommend pages promising naked pictures of alternative rock diva Hayley Williams or the phone number of heart-throb singer Justin Bieber. Read the...