Subj : Gallup blocks security flaw which could have led to fake polling
To   : All
From : TechnologyDaily
Date : Thu Sep 12 2024 13:15:04

Gallup blocks security flaw which could have led to fake polling data

Date: Thu, 12 Sep 2024 12:05:00 +0000

Description: Gallup survey site was found to have security vulnerabilities that have since been addressed.

FULL STORY
======================================================================

Researchers at Checkmarx recently identified critical cross-site scripting (XSS) vulnerabilities on the website of polling firm Gallup which they say could have been used by malicious actors to gain access to the survey company's platform.

The research notes XSS is a vulnerability that might enable attackers to gain full control over an application's functionality and data, especially if the user impersonated has been granted special access. By allowing the execution of arbitrary code, the vulnerability could have even given threat actors the ability to add unauthorized items to users' shopping carts (as the site also sells customizable surveys and books).

Misinformation risk

The vulnerabilities were discovered in June 2024 and have since been resolved, but at a time when reliable and safe information is so vital, especially relating to political opinion, the consequences of the flaw could have been dire.

It is possible a malicious actor could have posted false polling results or information to the site, confirmed the Checkmarx team.

"In an era where misinformation and identity theft pose significant threats, the security of survey platforms is crucial, particularly during pivotal global election cycles," the report notes. "It's important to note that this endpoint is commonly used to access Gallup surveys, which may make users more susceptible to exploitation."

The 2024 election cycle has seen particularly high rates of misinformation and election interference attempts, so it's important for firms with influence or prominence to ensure security on their sites to keep information safe.

Web defacement is a relatively common way for hackers to spread their message or embarrass site owners, but in this case the information could easily have been disguised as legitimate, with the intention of swaying voters. In a remarkably close election race, swing state votes in particular are impactful, so any potential vulnerabilities should be closely monitored.

======================================================================
Link to news story:
https://www.techradar.com/pro/security-vulnerabilities-found-on-the-gallup-site

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)