India s open-source community challenges crypto-busting content-removal and ID-recording Code theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.
Why Jabber reigns across the Russian cybercrime underground
Photo by Anton Fomkin/Flickr (CC BY 2.0)
Share Apr 19, 2017 | CYBERSCOOP
Much of the Russian cybercrime underworld is an enigma, but one technology serves as a crucial common link across all of it: Jabber.
In a space of cutting-edge tech, creativity and crime, the 18-year-old instant messenger is the most popular communication tool among Russian-speaking cybercriminals, according to new research from the security firm Flashpoint. It’s how hackers make deals, share intelligence and offer tech support on their malware products. While it already reigns in Russian communities, Jabber is simultaneously rising in popularity for cybercriminals around the world.
SEE: (TechRepublic Premium)
Cisco says the bugs allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges or gain access to sensitive information . Customers have no other option but to install the latest updates to prevent attacks.
Norwegian security outfit Watchcom found earlier this year that Jabber was vulnerable to cross-site scripting (XSS) through XHTML-IM messages. Jabber did not properly sanitize incoming HTML messages and instead passed them through a faulty XSS filter.
Cisco notes that the new message-handling vulnerabilities can be exploited if an attacker can send Extensible Messaging and Presence Protocol (XMPP) messages to end-user systems running Cisco Jabber.