Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference

Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#vulnerability#web#linux#js#auth#firefox
TP-Link TL-WR740N Buffer Overflow / Denial Of Service

There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.

Russian Midnight Blizzard Hackers Breached Microsoft Source Code

By Deeba Ahmed Midnight Blizzard (aka Cozy Bear and APT29) originally breached Microsoft on January 12, 2024. This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code

Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins

By Waqas That new Dropbox email landing in your inbox might be part of a phishing or malspam attack! This is a post from HackRead.com Read the original post: Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It

Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

By Waqas The teasure trove of highly sentisive data is being sold for just $3,000 in Monero (XMR) cryptocurrency on Breach Forums. This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.

Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

By Deeba Ahmed Major Retailers Selling Video Doorbells with Serious Security Flaws, Consumer Reports Warns. This is a post from HackRead.com Read the original post: Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

Debian Security Advisory 5637-1

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure

MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.