#clickjacking — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #clickjacking, aggregated by home.social.
-
Google is stealing the whole Internet.
I looked up Project Gutenberg on Google. Clicked on the link. Used the search box to find a book. Used Share to copy the link. And that link...was a Google copy. Here it is, slightly munged because I don't want to give Google the clicks:
A Shropshire Lad by A. E. Housman | Project Gutenberg https: //share.google/A0nO7OWm4c2uVLgD2
Now mind you, I didn't take this directly FROM Google. I clicked on the Project Gutenberg link from Google, yes. But then I used the search box on Project Gutenberg itself. So this was two clicks in. Nonetheless Google hijacked the link, flat out stole it and replaced it with a "share Google" link.
Google doesn't own Project Gutenberg. Google didn't do any of the work to make the books available on Project Gutenberg. I'm sure Project Gutenberg didn't agree to let Google steal all their links and clicks. Nonetheless, that's what Google is doing.
And I'll be very surprised if they aren't doing that for EVERY OTHER LINK that could be shared from a site that someone finds via Google.
That is barefaced robbery on a global scale.
Who is going to stop them?
By the way, just in case you were wondering: Yes, Project Gutenberg has their own website with their own actual Project Gutenberg links. Here's the link that I was actually •trying• to get:
http://www.gutenberg.org/ebooks/5720
Sneak preview, this is going to be my recommended book of the day. 😜
#Google #Theft #tech #technology #ClickJacking #LinkJacking #AbolishGoogle #GoogleSucks
-
[Translation] SVG filters as an attack language: next-generation clickjacking
The JavaScript for Devs team has prepared a translation of a study on a new clickjacking technique that uses SVG filters as a full-fledged environment for executing logic. The author shows how to use them to read pixels, build logic circuits, implement multi-step attacks, and even exfiltrate data through QR codes, including a real case of an attack on Google Docs.
https://habr.com/ru/articles/986358/
#svg #clickjacking #qrкоды #безопасность_браузеров #эксфильтрация #логические_схемы
-
#Development #Discoveries
SVG clickjacking attacks · A novel and powerful twist on an old classic https://ilo.im/168wsj_____
#Attacks #SVG #Clickjacking #Captcha #QrCode #Vulnerability #Security #Browser #WebDev #Frontend
-
🕵️♂️🎨 "SVG Clickjacking" 🎨🕵️♂️: Because apparently, the world was just DYING for more ways to trick clueless users into unwittingly handing over their #data. 🤷♂️🤦♀️ Who knew #infosec was all about turning "harmless" #design elements into sinister traps? 🕸️🔒
https://lyra.horse/blog/2025/12/svg-clickjacking/ #SVG #Clickjacking #security #privacy #HackerNews #ngated
-
Trick users and bypass warnings – Modern SVG Clickjacking attacks
https://lyra.horse/blog/2025/12/svg-clickjacking/
#HackerNews #SVG #Clickjacking #Clickjacking #Cybersecurity #WebSecurity #ModernThreats
-
Whoever clicks loses everything they have! Here is the tactic that drains bank accounts...: The cybersecurity field is facing a new hacker method called “DoubleClickjacking”. This technique is a sophisticated trap designed to make users approve critical actions without realizing it. In particular, things like making a bank transfer or gaining access to personal data… https://www.eshahaber.com.tr/haber/tiklayan-ne-var-ne-yok-kaybediyor-iste-banka-hesabini-bosaltan-taktik...-260312.html?utm_source=dlvr.it&utm_medium=mastodon EshaHaber.com.tr #SiberGüvenlik #DoubleClickjacking #Clickjacking #HackerTaktikleri #BankaHesabı
-
Your passwords are not where you left them. How DOM Clickjacking works
To be honest, password managers long ago became something like a toothbrush for me. I use one every day but only think about it when something goes wrong. Usually it is simple: one click and the form is filled in. Lovely. But that very convenience can play a cruel joke. Quite recently I came across research on DOM Clickjacking and realized that even the familiar "autofill" can set you up. Unlike good old iframe-based clickjacking, nobody overlays anything on top here. It is trickier: the page itself turns into a trap. The password manager sees a login field and dutifully inserts the password. And the user (that is, you and me) clicks the button, sure that everything is fine. In reality the click goes to an invisible element, and the data goes with it. Honestly, when I saw this in a demo, I felt a little uneasy. There are three main reasons why extensions fall for this trick. First, some of them too trustingly insert the password immediately, without any confirmation. Second, they check only the top-level domain. And if the site has a sneaky subdomain, hello, vulnerability. And third, far from all developers bother with CSP, so any injected script can do whatever it wants with the DOM. Checking a page yourself is not hard. Open DevTools and look at the elements. If you see a bunch of lines with opacity:0 or position:absolute; left:-9999px, that is a reason to be wary. In Chrome this is especially easy to see in the Layers tab. For automation fans there is also a short JavaScript script that will highlight such things.
https://habr.com/ru/articles/941712/
#информационная_безопасность #браузерные_расширения #менеджеры_паролей #dom #clickjacking #двухфакторная_аутентификация #totp #passkeys
-
Cybersecurity news for the week of August 18 to 24, 2025
All the most interesting things from the world of cybersecurity /** with my comments. This week: news about how and why hackers themselves patch vulnerabilities in compromised systems, Hyundai makes vulnerable software in order to earn money on patches later, Microsoft, out of the kindness of its heart, was leaking PoCs to China but has now changed its mind, and other news, only the most important and interesting, from the world of information security.
https://habr.com/ru/articles/940494/
#информационная_безопасность #microsoft #clickjacking #hyundai #apache #poc #nmap #apple #ios #уязвимости
-
Because of this trick, you may not have even 1 kuruş left in your pocket! It has increased in recent days: The cybersecurity field is facing a new hacker method called “DoubleClickjacking”. This technique is a sophisticated trap designed to make users approve critical actions without realizing it. In particular, things like making a bank transfer or gaining access to personal data… https://www.eshahaber.com.tr/haber/bu-hile-yuzunden-cebinizde-1-kurus-dahi-kalmayabilir-son-gunlerde-artti-251670.html?utm_source=dlvr.it&utm_medium=mastodon EshaHaber.com.tr #SiberGüvenlik #DoubleClickjacking #HackerYöntemleri #Clickjacking #KişiselVeriler
-
Clickjack attack steals password managers' secrets
https://www.malwarebytes.com/blog/news/2025/08/clickjack-attack-steals-password-managers-secrets
This is indeed why I prefer manually copying in my credentials.
It is good that some vendors have fixed the issue already, but for the others: get into the game soon!
#passwordmanager #attack #exploit #clickjacking #malwarebytes
-
Password managers: data theft through browser extensions | heise online https://www.heise.de/news/Passwort-Manager-Browser-Erweiterungen-koennen-Datenklau-ermoeglichen-10569024.html #ClickJacking #Datenschutz #privacy
-
Well #PasswordManagers were not as secure as we all thought.
All Password Managers that use a browser add-on/plugin for auto-fill functionality are susceptible to #ClickJacking security vulnerabilities that could be exploited to steal account credentials.
It works on all of them:
#LastPass
#Bitwarden
#iCloudPasswords
#Enpass
#1Password
#NordPass
#ProtonPass
#Keeper
#Dashlane
& yes even the one I use #KeePassXC
Some have pushed out updates. More info: https://marektoth.com/blog/dom-based-extension-clickjacking/
-
⚠️ Security researcher discovers clickjacking vulnerability in 11 popular password managers such as 1Password, Bitwarden & LastPass. A single click can expose credentials, 2FA codes & more. Updates are important! 🔒🔑 #Cybersecurity #Passwortmanager #Clickjacking https://www.golem.de/news/clickjacking-gaengige-passwortmanager-koennen-zugangsdaten-leaken-2508-199406.html
#newz
-
DOM-Based Extension Clickjacking Exposes Millions of Password Manager Users to Credential Theft https://thecyberexpress.com/dom%E2%80%91based-extension-clickjacking/ #TheCyberExpressNews #DOM‑basedextension #Vulnerabilities #TheCyberExpress #FirewallDaily #clickjacking #CyberNews #TOTP
-
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html
-
Yikes, some of the responses by these companies to a vulnerability in their password managers would inspire me to never do business with them. 1Password has two replies:
"As noted in our bug bounty brief: "Clickjacking the autofill action for the personal identification item has also already been reported in previous programs, and will not be reconsidered at this time."
"Nobody is denying that there is the potential for clickjacking. We understand that the presence of XSS vulnerabilities can potentially increase the impact of clickjacking attempts, this is a general security principle that applies universally and is not unique to our application. Our stance is that if a user visits a vulnerable website, that is outside of our control, just like if a user visits a malicious website or has a compromised device."
Bitwarden and some others are working on solutions to this potential problem, instead of happily taking the money of others without trying to patch potentially dangerous vulnerabilities like 1Password.
Even though I don't browse dangerous sites, I have uninstalled the Bitwarden extension and will use the desktop version, as malicious actors can be clever and hijack a legit site due to some weird flaw.
-
This research by Marek Tóth presented at #DEFCON is good. The vulnerability he discusses is real.
However, exploiting it requires the attacker to compromise a website and add phantom workflows to it that the victim doesn't notice as suspicious. Not impossible, but also IMO not likely unless you visit shady websites frequently.
Personally, I do not think the likelihood is high enough to disrupt my existing workflows to protect against the attack.
#clickjacking #infosec
https://marektoth.com/blog/dom-based-extension-clickjacking/
-
You could be left penniless in the blink of an eye! A trap that will make you say "I give up": The cybersecurity field is facing a new hacker method called “DoubleClickjacking”. This technique is a sophisticated trap designed to make users approve critical actions without realizing it. In particular, dangerous purposes such as making a bank transfer or gaining access to personal data… https://www.eshahaber.com.tr/haber/goz-acip-kapayincaya-kadar-parasiz-kalabilirsiniz-pes-dedirtecek-tuzak-248947.html?utm_source=dlvr.it&utm_medium=mastodon EshaHaber.com.tr #siber #güvenlik #DoubleClickjacking #clickjacking #online
-
You could be left penniless without even understanding what happened! The new trap that makes you say "I give up": The cybersecurity field is facing a new hacker method called “DoubleClickjacking”. This technique is a sophisticated trap designed to make users approve critical actions without realizing it. In particular, dangerous purposes such as making a bank transfer or gaining access to personal data… https://www.eshahaber.com.tr/haber/ne-oldugunu-bile-anlamadan-parasiz-kalabilirsiniz-pes-dedirten-yeni-tuzak-248455.html?utm_source=dlvr.it&utm_medium=mastodon EshaHaber.com.tr #siber #güvenlik #DoubleClickjacking #clickjacking #saldırı
-
#ActuLibre Over 50 Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme -> http://feedproxy.google.com/~r/TheHackersNews/~3/IAheiFn_tvw/android-apps-ad-fraud.html #AndroidMalware #adwaremalware #mobilehacking #Clickjacking #clickfraud #Android
-
DoubleClickjacking: the new double-click threat for hijacking accounts https://blog.elhacker.net/2025/01/doubleclickjacking-la-nueva-amenaza-secuestrar-cuentas.html #Clickjacking #hijacking
-
[Translation] Clipjacking: Hacking through copying text, the same as Clickjacking, but cooler
The attack is carried out through the browser when you use it to copy code from StackOverflow or ChatGPT. I call it clipjacking ("clipboard interception"); it is like clickjacking, but cooler. I will describe several useful techniques that may come in handy when building a Proof-of-Concept (PoC) for client-side attacks.
-
They are saying "new browser based attack" but isn't this just user redress?
https://www.infosecurity-magazine.com/news/browser-exploit-technique/
-
Today's #TechTerm of the day is: #Clickjacking 🖱️ Clickjacking is when a malicious actor hides a harmful link behind something that seems harmless. For example, you click the "play" button to watch a cute cat video, but instead, you're taken to a fake tech support site.
-
From the user journey to secure systems: how UX / UI affects cybersecurity
Modern design, striving for convenience and intuitiveness, can become a dangerous weapon in the hands of attackers. Minimalist interfaces that copy the style of popular brands inspire trust, making it possible to obtain user data by deception. Dark patterns, such as bright "Agree" buttons in place of nearly invisible "Decline" ones or fake timers labelled "Act now!", push users toward hasty actions. And emotional triggers such as fake notifications saying "Your account will be blocked!" switch off critical thinking. The purpose of this article is to show how cybercriminals use the most unexpected and subtle mechanisms for attacks, relying on users' habitual behavior. The article will look at interesting and unusual techniques that are not immediately apparent but can cause serious damage.
https://habr.com/ru/companies/securityvison/articles/884558/
-
DoubleClickjacking allows clickjacking on major websites – Source: securityaffairs.com https://ciso2ciso.com/doubleclickjacking-allows-clickjacking-on-major-websites-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #DoubleClickjacking #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #clickjacking #SecurityNews #hackingnews #hacking
-
Explained: Android overlays and how they are used to trick people https://www.malwarebytes.com/blog/news/2024/06/explained-android-overlays-and-how-they-are-used-to-trick-people #clickjacking #overlays #passkeys #Android #News #mfa
-
📬 O2 subscription trap keeps snapping shut: what to do if you are affected?
#Mobilfunk #Clickjacking #Drittanbietersperre #iFrameLayer #insidedigitalde #O2AboAbzocke #O2AboFalle https://sc.tarnkappe.info/84ffce
-
"Don't Believe Your Eyes - A WhatsApp Clickjacking Vulnerability"
https://00xbyte.github.io/posts/Don%27t-Believe-Your-Eyes-A-WhatsApp-Clickjacking-Vulnerability/
-
🚨 Don't fall victim to #Clickjacking!
Learn how this malicious technique, also known as UI redress attack or UI manipulation, can trick users into unintended actions on web pages.
Stay informed and protect yourself against #cyberthreats. Read the complete blog: https://bit.ly/4bJXDKq
#clickjackingattacks #cyberattacks #cybercriminals #webapplications #vulnerabilities #maliciousattacks #webbrowsersattacks #managedwaf #zerofalsepositives #apptrana #indusface