Posts

Showing posts from 2019

Facebook CSRF protection bypass which leads to Account Takeover.

This bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook, which could lead to takeover of victims’ accounts. In order for this attack to be effective, an attacker would have to trick the target into clicking on a link.

Demonstration

This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker, along with the parameters, and makes a POST request to that endpoint after adding the fb_dtsg parameter. Also, this endpoint is located under the main domain www.facebook.com, which makes it easier for the attacker to trick his victims into visiting the URL.

The vulnerable endpoint is: https://www.facebook.com/comet/dialog_DONOTUSE/?url=XXXX where XXXX is the endpoint with parameters to which the POST request is going to be made (the CSRF token fb_dtsg is added automatically to the request body). This allowed me to perform many actions if the victim visits these URLs. Some ...

How to improve your cyber resilience

Cyber resilience isn’t something you can buy. It’s not as simple as finding off-the-shelf tools to plug into your organisation. Rather, you must tailor your approach to your needs, assessing the way any one solution affects the whole. That may sound daunting, but when cyber resilience is done right, your cyber security and incident response strategy will seem straightforward. You’ll have a clear understanding of what each control does, how it fits into your organisation and why it’s worth the cost of investment.

What is cyber resilience?

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function.

Getting the most out of cyber resilience

Most organisations have some set of processes that resembles cyber resilience, even if they don’t call it that. A cyber security strategy alo...