The Brazilian social network Orkut has been hit by a cross-site scripting (XSS) vulnerability that affected around 400,000 users.
Kaspersky Lab's Fabio Assolini said that the Google-owned website, used by 26 million Brazilians, was hit by an attack that requires no user interaction to compromise a user.
He said: “You simply need to log into your profile and go visit a friend's profile. If you have a small picture of the Brazilian flag in your scraps section and so does your friend, you will be infected. When infected, this message calls an external JavaScript file and runs it.
“Everyone who is infected with this script is being added silently to a community called ‘Infected by the Virus of Orkut’, which registers all of the users compromised by this new vulnerability.”
The description of the community translates as ‘You arrived here by a serious security vulnerability in Orkut. This vulnerability has already been reported to Google and must be fixed soon. This community only has the intention of forcing a quicker fix’.
An update said that after more than 400,000 users were affected, Google fixed the XSS flaw.
See original article on scmagazineus.com
Google-owned social network sees 400,000 users hit by XSS attack
Attack on Orkut required no user interaction.



