Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

1Password Acquires SaaS Access Management Provider Trelica

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

DARKReading
Open in Source
#google#microsoft#cisco#auth#sap
Sharing of Telegram User Data Surges After CEO Arrest

Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data

Misconfigured license-plate-recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes by them.

CISA: Third-Party Data Breach Limited to Treasury Dept.

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

### Impact Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. ### Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The [docker images](https://hub.docker.com/r/wgportal/wg-portal) for the tag 'latest' built from the master branch also include the fix.

Name That Edge Toon: Greetings and Salutations

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Cybercriminals Don't Care About National Cyber Policy

We can't put defense on hold until Inauguration Day.

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query Logic, Allocation of Resources Without Limits or Throttling, Weak Password Requirements, Cross-Site Request Forgery (CSRF), Use of Weak Hash, Code Injection, PHP Remote File Inclusion, External Control of System or Configuration Setting, Insufficiently Protected Credentials, Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Use of Default Credentials, Off-by-one Error, Use of Default Password, Session Fixation 2. RISK EVALUATION Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products have been ...