#auth

By Uzair Amir Isn’t it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com Read the original post: Payment authorization and one-time passwords – Mobile Token

By Owais Sultan Modern advancements have tilted the world into a tightly-knit web. Accessing localized content and resources can be hard… This is a post from HackRead.com Read the original post: The Power of ISP Proxies: Unlocking Local Content and Resources

Updated March 30, 2024: We have determined that Fedora Linux 40 beta does contain two affected versions of xz libraries - xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm. At this time, Fedora 40 Linux does not appear to be affected by the actual malware exploit, but we encourage all Fedora 40 Linux beta users to revert to 5.4.x versions.Editor's note: This post has been updated to more clearly articulate the affected versions of Fedora Linux and add additional mitigation methods.Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the l

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

## Description ### Improved security for stored password hashes Serverpod now uses the OWASP, [source](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#introduction), recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod `1.2.6` all users that either creates an account or authenticates with the server will have their password stored using the safer algorithm. No changes are required from the developer to start storing passwords using the safer algorithm. ### Why did we change how passwords are stored? An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. It is strongly recommended to migrate your existing password hashes. ### Migrate existing password hashes The email authentication module provides a helper method to migrate all the existing legacy password hashes in the database. Simply cal...

By Uzair Amir Wilder World, a massively multiplayer online metaverse, is now available for wishlisting on the Epic Games Store, a… This is a post from HackRead.com Read the original post: Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’ Game

By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

### Impact Under certain circumstances an action could set [reserved claims](https://zitadel.com/docs/apis/openidoauth/claims#reserved-claims) managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name` ```json {"urn:zitadel:iam:user:resourceowner:name": "ACME"} ``` if it was not set by ZITADEL itself. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam` ### Patches 2.x versions are fixed on >= [2.48.3](https://github.com/zitadel/zitadel/releases/tag/v2.48.3) 2.47.x versions are fixed on >= [2.47.8](https://github.com/zitadel/zitadel/releases/tag/v2.47.8) 2.46.x versions are fixed on >= [2.46.5](https://github.com/zitadel/zitadel/releases/tag/v2.46.5) 2.45.x versions are fixed on >= [2.45.5](https://github.com/zitadel/zitadel/releases/tag/v2.45.5) 2.44.x versions are fixed on >= [2.44.7](https://github.com/zitadel/zitadel/releases/tag/v2.44.7) 2.43.x ve...

The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "

Event Management version 1.0 suffers from a remote SQL injection vulnerability.