Ventas de Seguridad

Account

×

Open Redirect vulnerability in #Cuevana (fixed)

Through a post about spam on Facebook of MasFB's friends you can see a script that uses Cuevana to send the user to harmful sites, because said site has an open redirection vulnerability, that is, the URLs that can be accessed using Cuevana as a redirector are not properly validated.

In the script you can see a code similar to the following:
http://go.cuevana.tv/[ELIMINADO]http://sitio-dañino.blogspot.com/

In this URL, the deleted part corresponds to the name of the PHP that performs the redirection to the indicated site and, by not being correctly validated, allows to deceive the user into thinking that he will enter Cuevana when in fact he will be redirected to the harmful site.

These types of vulnerabilities, as we have shown several times are used by criminals and even the NBA site has been used for this purpose.

As this vulnerability is also being used by criminals actively in Facebook applications, from Segu-Info we have already informed Cuevana to proceed to solve the problem.

- Publicidad -

Update 18:00: The vulnerability has already been fixed.

Cristian from the Segu-Info Newsroom

See original.

No thoughts on “Open Redirect vulnerability in #Cuevana (fixed)”

• If you're already registered, please log in first. Your email will not be published.

Leave your comment

An important security component will have Integratec Mexico 2024

Mexico. The Integratec Mexico Fair, which specializes in technologies for the integration of low-voltage systems, and which will be held on August 14 and 15 at the World...
Oaxaca representative wins the first Dahua Legend

Mexico. The company Dahua Mexico held the grand finale of its new contest, in which participants measure their skills for the integration of security solutions.
Alai Secure announces its participation in Seguri Expo Ecuador

Ecuador. The company Alai Secure announced that it will participate as a speaker and exhibitor in the international fair, to be held from May 9 to 10 at the Guayaquil...
Hikvision and Can'nX to work on KNX-based building automation

International. Manufacturer Hikvision announced a technology partnership with Can'nX, which will allow Hikvision's technologies to be integrated with the KNX protocol, the...
Video surveillance project developed in Bermuda

Bermuda. According to Nino Armando Vaprio, general manager of Tactical Security Services, the asymmetric integration implemented allows this initiative to have a new horizon...
Colombian Authorities Articulate Actions Against Cybercrime

Colombia. The National Police and the Ministry of Information and Communications Technologies announced that they have defined a series of joint actions to combat cybercrime...
"I have energy, passion and experience": Jason Souza, new Genetec executive

Latin America. We interviewed Genetec's newly appointed Managing Director for Latin America and the Caribbean, Jason Souza.
Desico joins the Casmar Group

International. The automation and control project engineering company for the security market has been acquired by the Casmar Group, a Spanish company that provides...
Increase in visits to Expo Seguridad Mexico meets expectations and reaches 15%

Mexico. More than 24,000 square meters of the Citibanamex Center hosted the most recent editions of Expo Seguridad México (ESM) and Expo Seguridad Industrial (ESI) for three...
New president of ALAS, Manuel Zamudio, speaks for Ventas de Seguridad

Latin America. The executive has more than 25 years linked to ALAS, within which he has served as an instructor, lecturer and volunteer member of the different national...
Tecnosynergy Express Plus inaugurated in Mexico City

Mexico. Located on Avenida Marina Nacional, Miguel Hidalgo district, the new Tecnosinergia store was built under an innovative concept that brings together, in one place,...
Siasa will distribute HID Vento technology in the region

Latin America. Wholesale distributor of security technology Siasa announced the strengthening of its commercial partnership with the manufacturer HID Global, to market its...
SECO-LARM develops a new universal lock for low-profile doors

International. At just 1 inch (26 mm) deep, this deadbolt from SECO-LARM offers a compact solution for metal and wood door frames, fitting virtually into any cylindrical...
Asis launched new comprehensive framework for assessing security risks

International. The ASIS Security Risk Assessment (SRA) provides a comprehensive overview of how to conduct security risk assessment and management in organizations.
Morse Watchmans introduces innovations for key control and inventory management

International. Recently, Morse Watchmans has participated in several international trade shows, where it has exhibited products such as the new Emergency Key Grip (EKG) and...

Suscribase Gratis

SUBSCRIBE TO OUR ENGLISH NEWSLETTER

• Earn 25 Loyalty Points •

DO YOU NEED A SERVICE OR PRODUCT QUOTE?

LATEST INTERVIEWS

Webinar: NxWitness el VMS rápido fácil y ultra ligero

https://www.ventasdeseguridad.com/2...

Webinar: Por qué elegir productos con certificaciones de calidad

Por: Eduardo Cortés Coronado, Representante Comercial - SECO-LARM USA INC La importancia de utilizar productos certificados por varias normas internacionales como UL , Ul294, CE , Rosh , Noms, hacen a tus instalciones mas seguras y confiables además de ser un herramienta más de venta que garantice nuestro trabajo, conociendo qué es lo que certifica cada norma para así dormir tranquilos sabiendo que van a durar muchos años con muy bajo mantenimiento. https://www.ventasdeseguridad.com/2...

Webinar: Anviz ONE - Solución integral para pymes

Por: Rogelio Stelzer, Gerente comercial LATAM - Anviz Presentación de la nueva plataforma Anviz ONE, en donde se integran todas nuestras soluciones de control de acceso y asistencia, video seguridad, cerraduras inteligentes y otros sensores. En Anviz ONE el usuario podrá personalizar las opciones según su necesidad, de forma sencilla y desde cualquier sitio que tenga internet. https://www.ventasdeseguridad.com/2...

Webinar: Aplicaciones del IoT y digitalización en la industria logística

Se presentarán los siguientes temas: • Aplicaciones del IoT y digitalización en la industria logística. • Claves para decidir el socio en telecomunicaciones. • La última milla. • Nuevas estrategias de logística y seguimiento de activos sostenibles https://www.ventasdeseguridad.com/2...

Sesión 5: Milestone, Plataforma Abierta que Potencializa sus Instalaciones Manteniéndolas Protegidas

Genaro Sanchez, Channel Business Manager - MILESTONE https://www.ventasdeseguridad.com/2...

Load more...

SITE SPONSORS

LATEST NEWSLETTER

Latest Newsletter