Tag
#auth
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.
Ad trackers are out of control. Use a browser that reins them in.
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
By Deeba Ahmed. New Byakugan Malware Steals Data, Grants Remote Access & Uses OBS Studio to Spy! Fortinet reveals a phishing campaign distributing Byakugan malware disguised as a PDF. Don't click! Learn how to stay safe. This is a post from HackRead.com. Read the original post: Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF
### Summary
The ***DELETE /api/snapshots/{key}*** endpoint allows any Grafana user to delete snapshots if the user is NOT in the organization of the snapshot.

### Details
An attacker (a user without organization affiliation or with a "no basic role" in an organization other than the one where the dashboard exists) who knows the key or URL of a snapshot created by any user (including Grafana admins) can delete that snapshot (this is not feasible through the UI), resulting in a BOLA vulnerability. If an attacker is in the same organization as the dashboard snapshot, he can't delete the snapshot. However, an attacker with low privileges from a different organization would be able to delete it, resulting in the authorization flaw.

### Precondition
To exploit this endpoint, an attacker must know the {key} of a snapshot. The attacker can potentially discover ...
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes.
The IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in Emerging Technologies organizing committee is inviting you to submit your research papers. The workshop will be held in hybrid mode. The in-person sessions will be held at Hilton London Tower Bridge, London, from September 2nd through the 4th, 2024.
Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.