Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

A Comprehensive Guide to Investing Securely in Digital Assets

By Owais Sultan Entering the world of cryptocurrency might seem straightforward, but ensuring the security of your crypto funds is crucial.… This is a post from HackRead.com Read the original post: A Comprehensive Guide to Investing Securely in Digital Assets

HackRead
Open in Source
#vulnerability#git#auth
GHSA-6xwf-xvf3-v459: Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info

By Waqas In an exclusive statement to Hackread.com, CutOut.Pro denied the breach and labeled the leak as a 'clear scam.' This is a post from HackRead.com Read the original post: CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info

GHSA-jq57-3w7p-vwvv: Docassemble unauthorized access through URL manipulation

### Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. ### Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. ### Workarounds If upgrading is not possible, manually apply the changes of [97f77dc](https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9) and restart the server. ### Credit The vulnerability was discovered by Riyush Ghimire (@richighimi). ### For more information If you have any questions or comments about this advisory: * Open an issue in [docassemble](https://github.com/jhpyle/docassemble/issues) * Join the [Slack channel](https://join.slack.com/t/docassemble/shared_invite/zt-2cspzjo9j-YyE7SrLmi5muAvnPv~Bz~A) * Email us at [email protected]

Android Money Transfer XHelper App Exposed as Money Laundering Network

By Deeba Ahmed Don't confuse the XHelper app with the notorious XHelper malware, which targets Android devices and is notoriously difficult to remove. This is a post from HackRead.com Read the original post: Android Money Transfer XHelper App Exposed as Money Laundering Network

Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet

Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.

Here Are the Google and Microsoft Security Updates You Need Right Now

Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.

GHSA-q76r-7p4q-mqpw: Cockpit CMS Cross-Site Scripting vulnerability

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis

Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution

Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.