Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Office 365 Phishing Campaign Abuses Stolen Amazon SES Token

Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.

Threatpost
Open in Source
#Cryptography#Web Security#Government#Malware#Mobile Security#Vulnerabilities#android#google#Malware#Vulnerabilities#Web Security#mac#apple#Hacks#Web Security#amazon
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion

An alleged sports content pirate is accused of not only hijacking leagues' streams but also threatening to tell reporters how he accessed their systems.

Name That Edge Toon: Parting Thoughts

Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

‘Trojan Source’ Hides Invisible Bugs in Source Code

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.

Understanding the Human Communications Attack Surface

Companies should recognize that collaboration platforms aren't isolated, secure channels where traditional threats don't exist.

UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forged

UPDATE: French & Polish authorities found no sign of cryptographic compromise in the leak of the private key used to sign the vaccine passports and to create fake passes for Mickey Mouse and Adolf Hitler, et al.

CVE-2021-39348: Vulnerability Advisories - Wordfence

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an

Name That Toon: Bone Dry

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.