Menu
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
Computer IT Services & Marketing
  • Technology
    • Managed Services
    • Computer Repair
    • Consulting
  • Cybersecurity
    • BDR
    • Network Security
    • Computer Security
    • Data Recovery
  • Communication
    • Cabling
    • Wireless Networking
    • Phones
  • Marketing
    • Website Development
    • Search Engine Optimization
    • Social Media & Online Presence
    • Location Scan
    • Website & Email Management
    • Online Advertising
    • Multimedia Design
    • Newsletter
  • CALL: 337-214-1172

HOME  |  BLOG  |  REMOTE SUPPORT

Home
Support
Blog
Contact
Close Menu
Meetup Website Has Patched Vulnerability Open To Hackers
August 12 2020

Meetup Website Has Patched Vulnerability Open To Hackers

wukovits Blog, Business & Finance, General Interest, Recent News, Security, Technology News

Recently, security researchers at Checkmarx discovered a pair of serious vulnerabilities in the popular online meeting website Meetup.

According to the researchers, a hacker could combine cross-site scripting (XSS) with cross-site request forgeries (CSRF) to gain admin privileges on the site.

This would allow them to do anything from changing the details of any user’s events, outright cancelling them, exfiltrating user information, and/or redirecting PayPal payments.

The research team discovered that by making use of these two vulnerabilities, it was possible to inject malicious scripts into posts made in the discussions section of the Meetup site. That is a feature enabled by default on every event inside the framework of the system.

Erez Yalon, the Director of Security Research at Checkmarx had this to say about his team’s discovery:

“When you have these two vulnerabilities, it’s basically the Holy Grail for a hacker. Because what it means is if an organizer page runs the script in the browser, we can actually use their role of administrator to do whatever we want.”

For their part, when Meetup was informed of the pair of vulnerabilities by Checkmarx, they responded quickly and patched the system. As of this moment, neither of the exploits remain functional and there is no evidence that hackers ever made use of them, which definitely counts as a bullet dodged.

Ultimately, the vulnerability was enabled by the fact that it’s possible to add scripts to the discussions page. That is something that could have been prevented if an allow list had been used that specifies exactly what script commands can be used on the page.

Unfortunately, the company used a deny list in this case. A deny list isn’t nearly as effective as a filtering mechanism, because hackers can almost always come up with things a site owner would never consider. They’re always finding ways around any deny list.

In any case, the issue is now resolved, and if you’re a Meetup user, there’s nothing you need to do. Continue making use of the site as you have been.

Used with permission from Article Aggregator

Cisco Data Center Manager Software Users Should Patch Immediately Popular Interior Design Website Has Breach Of User Accounts

Related Posts

Big Changes Coming To Microsoft Outlook In Coming Years

Blog, General Interest, Microsoft, Recent News, Technology News

Big Changes Coming To Microsoft Outlook In Coming Years

Hacker Attacks On Healthcare Industry Are On The Rise

Blog, General Interest, Recent News, Security, Technology News

Hacker Attacks On Healthcare Industry Are On The Rise

Adobe Flash Has Reached End of Life Status

Blog, General Interest, Recent News, Security, Technology News

Adobe Flash Has Reached End of Life Status

Recent Posts

  • Big Changes Coming To Microsoft Outlook In Coming Years
  • Hacker Attacks On Healthcare Industry Are On The Rise
  • Adobe Flash Has Reached End of Life Status

Archives

Categories

Get a Domain Registered


$.99* .COM Domain! Get going with GoDaddy!

Back To Top
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
  • Home
  • Technology
  • Cybersecurity
  • Communication
  • Marketing
  • Newsletter
  • Blog
  • Support
  • Contact

BBB Logo

Bayou Technologies, LLC
✖
Bayou Technologies is a BBB Accredited Busines
A+
On a scale of A+ to F

Reviewed, Evaluated and Accredited

Meets All 26 Standards of Accreditation

BBB Accredited since 1/1/2012

Click here for BBB Business Report on Bayou Technologies, LLC

BBB Accredited:

BBB Rating as of:

Verify Bayou Technologies, LLC
Bayou Technologies, LLC © 2019
Website Development and Marketing in Lake Charles, Louisiana
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.