Malware, Network Security, Threat Management, Vulnerability Management

Facebook seals shut CSRF vulnerability

May 18, 2010

Facebook has plugged a cross-site request forgery (CSRF) vulnerability that could have allowed attackers to alter privacy settings and deface profiles on the behalf of unwitting users, according to a security advisory released Monday by network security firm Alert Logic. The "critical" bug could had been exploited by bypassing Facebook's anti-CSRF controls and tricking a logged-in user to click on a malicious link. The vulnerability, discovered by M.J. Keith, senior security analyst at Alert Logic, was reported to Facebook on May 11 and patched Monday. The flaw appears to never have been publicly known. — DK

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Dan Kaplan

Related

Researchers warn that tools using the BatCloak component are becoming increasingly popular with adversaries, making the already difficult task of detecting BAT files harder. (Image credit: Vector illustration via Getty Images)

Newly emergent OBSCURE#BAT malware campaign uncovered

SC StaffMarch 14, 2025

Attackers behind the OBSCURE#BAT use fake CAPTCHAs in typosquatted domains and spoofed software.

Researchers use jailbreak to build functional malware via DeepSeek

Steve ZurierMarch 13, 2025

Tenable researchers jailbreak DeepSeek to build a keylogger and ransomware.

Chinese cyber threat

Threat Intelligence

Old Juniper routers targeted by Chinese hackers to deploy various payloads

SC StaffMarch 13, 2025

UNC3886 targeted the outdated Juniper routers to deploy the Medusa and Reptile rootkits.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

ACK Piggybacking Bastion Host Border Gateway Protocol (BGP)Bug Business Email Compromise (BEC)Domain Name Domain Name System (DNS)Drive-by Download DumpSec Dynamic Routing Protocol