California proposes rules for automated decision-making

Data Protection Report

Notably, the draft regulations specify that a notification or tool regarding cookies would not by itself be an acceptable method for submitting opt-out requests of the business’s use of automated decision-making technology.

Flaw in Evernote Web Clipper for Chrome extension allows stealing data

Security Affairs

The vulnerability discovered by the experts in the Evernote extension allows an attacker to inject a malicious payload into all iframe contexts and steal credentials, cookies, and other data. Researchers published a video PoC of the attacks that shows how hackers can steal a user’s Facebook information and data on PayPal transactions.

Moodle flaw exposed users to account takeover

Security Affairs

When viewing what was posted by a user in the server response, the contents of the processed result are placed in a script tag with the type MathJax/TeX to be rendered on the client’s browser. In our report, we decided that the “hacker” account would be a student account, but it could be any other account type (teacher or manager).

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security Affairs

“With this in mind I tried inserting a script tag instead of an iframe into an email. In Outlook on the Android, the iframe JavaScript had full access to cookies, tokens and even some emails. But if an attacker could gain the ability to run JavaScript in an email, there could be a much more dangerous attack vector.”

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

The objective of this particular exercise is for the participants to steal the victim's auth cookie by constructing an XSS attack within the query string parameter. No external videos embedded from YouTube, no JavaScript libraries off your favourite CDN and no analytics or tracking from Google. Also, no script blocks.

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. Modify the DOM, redirect the user, load in external content, challenge visitors to install software, add a key logger and grab any non-HTTP-only cookies. Until now.

Part 1: OMG! Not another digital transformation article! Is it about understanding the business drivers?

ARMA International

Techopedia (2021) defines a CSP as “a software environment where users can collaborate as well as create and work on different types of content such as text, audio and video pieces. This includes the digital content previously mentioned, but with a greater emphasis on multimedia, such as podcasts, video, digital images, and movies.