#auth

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

A message about extra delivery addresses getting added to Amazon accounts has gone wild on social media. Luckily, it's nothing to worry about.

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.

By Deeba Ahmed Operation Storm Makers II, as dubbed by Interpol, witnessed the mobilization of law enforcement agencies from 27 countries. This is a post from HackRead.com Read the original post: Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads

Malwarebytes is offering customers its ThreatDown Vulnerability Assessment solution without extra costs to help reduce attack surfaces and improve their security posture

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.