Business-oriented social platform vulnerable to hackers: Report

Social platforms are a big target for hackers. A business-oriented social platform that gives details of millions of business men and women, along with their titles, colleagues, career information and more, could be extremely vulnerable to hackers, says a blog post by Kaspersky Lab.

According to the blog post, it is not difficult to target a user, and exploiting that information is just a single comment away. Injecting a malicious comment into a user’s post thread will automatically launch a notification to his email account, regardless of the email provider or connection hierarchy between the victim and the attacker.

“Although it seems that the application server had escaped the dangerous characters, the payload is only escaped from the main application.”

In the worst-case scenario, if an email provider fails to properly escape the content of an incoming email, the attacker can leverage the issue to execute a malicious JavaScript injection attack, also known as Stored XSS.

Another scenario might involve using an associated HTML form to collect information about the victim or redirect the victim to a site where a malicious executable can be downloaded.
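The gap described above, where a comment is escaped for the web page but not for the notification email, shown beside its hardened form. This is an added example, not code from LinkedIn or Kaspersky Lab; the template, function names and sample comment are constructed assumptions.

```python
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser

# Constructed sample comment containing markup a commenter could submit.
SAMPLE_COMMENT = 'Nice post <form action="https://example.invalid/c"><input name="q"></form>'

# Hypothetical notification template; its own tags are the only ones expected.
TEMPLATE = ("<html><body><p>{author} commented on your post:</p>"
            "<blockquote>{comment}</blockquote></body></html>")
TEMPLATE_TAGS = {"html", "body", "p", "blockquote"}


def render_unescaped(author, comment):
    """'Before' form: the web view escapes the comment, the email path does not."""
    return TEMPLATE.format(author=author, comment=comment)


def render_escaped(author, comment):
    """Hardened form: HTML-encode every user-controlled field at the email sink."""
    return TEMPLATE.format(author=escape(author), comment=escape(comment))


class TagCollector(HTMLParser):
    """Records the element names an HTML renderer would see in the body."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(html_body):
    """Return tags that are not part of the template, i.e. came from user input."""
    collector = TagCollector()
    collector.feed(html_body)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS]


def build_notification(to_addr, author, comment):
    """Build the mail: raw text in text/plain, escaped text in text/html."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "New comment on your post"
    msg.set_content(f"{author} commented on your post:\n\n{comment}")
    msg.add_alternative(render_escaped(author, comment), subtype="html")
    return msg
```

`unexpected_tags` also works as a regression check in a test suite: any tag it reports in a rendered notification means a user-controlled field reached the email body without encoding.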

Last year, security researchers from Kaspersky Lab warned LinkedIn, the world’s largest business-oriented social network, about a security issue that could pose a major threat to its 360+ million users. Because LinkedIn attracts so many people in the business community, a security flaw could help attackers to efficiently execute spear phishing campaigns, steal credentials and potentially gain remote control over selected victims without needing to resort to social engineering.

LinkedIn engaged to remediate the threat and has since issued a fix to the vulnerable platform. “While certain HTML content should be restricted and we have issued a fix and thanked Kaspersky researchers; the likelihood of exploit on popular modern email platforms is unlikely,” says David Cintz, Senior Technical Program Manager at LinkedIn security ecosystem.

Some tips to prevent yourself from becoming a victim:

* Use an advanced Internet Security solution to filter out dangerous redirections to servers that contain malware, phishing and more. If a solution is already installed, keep it updated at all times.

* An attachment or a link in an email, even one from a known party, might contain malicious content. Be very wary before deciding to open it.

* Do not register to social platforms with your corporate email account.
