DoD 8570 InfoSec Training and Compliance Vendors Vulnerable to XSS

July 26, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
July 1, 2014

XSSposed (XSS exposed) is reporting that the Web sites of both the InfoSec Institute and the EC-Council are vulnerable to a Cross-site scripting (XSS) attack.

Cross-Site Scripting (XSS) inserts specially crafted data into existing applications through Web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a modification to a browser script, to a different end user. XSS attacks often lead to a bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013.

According to XSSposed, the InfoSec Institute has not one, two, three, four, five, six, but SEVEN XSS vulnerabilities discovered this week.

The most recent XSS vulnerability affecting the EC-Council is in their portal page, where their customers sign in. This is not the only XSS vulnerability on their site: The Hacker News reported one back in 2011, and Rafay Baloch and Deepanker Arora discovered another in 2013.

A previous Web defacement statement said the “EC-Council takes the privacy and confidentiality of their customers very seriously.” Regardless, the EC-Council Web site was compromised three times during a single week in February 2014. Since the breach, the EC-Council has neither confirmed nor denied allegations that the attacker exfiltrated thousands of passports, driver’s licenses, government, and military Common Access Cards (CAC).

It seems neither organization is practicing what it preaches while taking thousands of taxpayer dollars to train the next generation of cyber warriors.

A (supposedly) expert team of information security instructors founded the InfoSec Institute in 1998. Their goal was to build a business by offering the best possible training experience for students. “InfoSec Institute deeply understands the needs of today’s IT professionals and is best positioned to offer world-class training.”

The EC-Council is an Albuquerque, New Mexico-based organization that offers security professionals a reasonably inexpensive certificate, among other security certificates, for compliance with Department of Defense standard 8570.

 

Photo by Richard Termine Photography

Filed Under: News Tagged With: CAC, CEH, Citizenfour, cybersecurity, DoD, DoD 8570, EC-Council, Hacking, InfoSec, InfoSec Institute, Jack Koziol, Jay Bavisi, Security, Wolfking Awesomefox, XSS, XSS attack, XSSposed
