Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Russia Is Going All Out on Election Day Interference

Along with other foreign influence operations—including from Iran—Kremlin-backed campaigns to stoke division and fear have gone into overdrive.

Wired
Open in Source
#mac#google#ddos#git#intel#auth
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

Schneider Electric Clawed by 'Hellcat' Ransomware Gang

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.

Man Arrested for Snowflake Hacking Spree Faces US Extradition

Alexander “Connor” Moucka was arrested this week by Canadian authorities for allegedly carrying out a series of hacks that targeted Snowflake’s cloud customers. His next stop may be a US jail.

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-remix/releases/tag/v0.4.1](https://github.com/workos/authkit-remix/releases/tag/v0.4.1)

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2](https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2)

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches

Canadian authorities arrest a suspect linked to the Snowflake data breach, exposing vulnerabilities in cloud infrastructure. The breach…

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.