Dark Reading

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps

When it's time to talk attacks, it's hard to get more evil than a technique that uses victims' own systems against them. Server-side request forgery (SSRF) is one of those evil attacks, and it's one ...
CSOonline

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...
Wired

How Apple Pay Buttons Can Make Websites Less Safe

Apple Pay has a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into ...
Hosted on MSN

Researcher uncovers a critical SSRF vulnerability in ChatGPT’s Custom GPT

OpenAI’s large language model ChatGPT fixed a security flaw found earlier this week by a researcher within the “Actions” feature of Custom GPTs. Attackers could have exploited a Server-Side Request ...
WeLiveSecurity

IIStealer: A server-side threat to e-commerce transactions

ESET researchers have discovered and analyzed a previously undocumented trojan that steals payment information from e-commerce websites' customers. The trojan, which we named IIStealer, is detected by ...
SiliconANGLE

Jira Server-Side vulnerability exposes user data on cloud-based hosting

Security firm Palo Alto Networks Inc. has uncovered a serious Server-Side vulnerability in Atlassian Corp. PLC’s Jira issue tracking product that exposes data stored using the product. The Server-Side ...
WeLiveSecurity

IISpy: A complex server-side backdoor with anti-forensic features

ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software. The backdoor, ...