#auth

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT

Recently we announced that Red Hat Insights along with Red Hat OpenShift on AWS GovCloud has achieved Federal Risk and Authorization Management Program (FedRAMP®) Agency Authority to Operate (ATO) at the High Impact Level.We delved down a bit further into what this means with a recent blog post: Beyond the lingo: What does Red Hat Insights and FedRAMP mean for your workload?We are still getting questions on how to get started and what it looks like to use Insights in a FedRamp environment. To help answer these questions I put together a video that covers the initial configuration of Insights

By Waqas Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement personnel? Find out more. This is a post from HackRead.com Read the original post: Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

By Deeba Ahmed Researchers uncover a novel cyberattack scheme called "LLMjacking" exploiting stolen cloud credentials to hijack powerful AI models. This article explores the implications of attackers leveraging large language models (LLMs) for malicious purposes and offers security recommendations for the cloud and AI communities. This is a post from HackRead.com Read the original post: New LLMjacking Attack Lets Hackers Hijack AI Models for Profit

### Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, an unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. The application protects users against XSS attacks by utilizing an xss sanitization library. But the checks of the library were bypassed by crafting an XSS Payload using data binding and interpolation of Vue.js A working XSS payload was crafted which forces an administrator to add a new malicious attacker-controlled Administrator User. The Payload is: [payload.txt](https://github.com/froxlor/Froxlor/files/15142616/payload...

### Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. ### Details * visit https://chat-preview.lobehub.com/settings/agent * you can attack all internal services by /api/proxy and get the echo in http response :)    ### PoC ```http POST /api/proxy HTTP/2 Host: xxxxxxxxxxxxxxxxx Cookie: LOBE_LOCALE=zh-CN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined; _ga=GA1.1.86608329.1711346216; _ga_63LP1TV70T=GS1.1.1711346215.1.1.1711346846.0.0.0 Content-Length: 23 Sec-Ch-Ua: "Google Chrome";v=...

Red Hat Security Advisory 2024-2668-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Dell has notified some customers about a data breach reported to include 49 million records.

By Waqas Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums. This is a post from HackRead.com Read the original post: Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.