Tag Archives: Cross-site request forgery

Moxa Won’t Patch Publicly Disclosed Flaws Until August

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to ICS-CERT.

Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw

A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user’s Outlook, Azure and Office accounts.

The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft’s OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by

Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings

French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.