Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Okta breach happened after employee logged into personal Google account

Okta has concluded that the root cause of its breach was an employee storing company credentials in a private Google account.

Malwarebytes
Open in Source
#web#google#git#auth#chrome
CVE-2023-47102: Quantiano

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.

CVE-2023-36409

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

By Waqas Some of the most prominent victims of the data breach include Cloudflare, 1Password, and BeyondTrust. This is a post from HackRead.com Read the original post: Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

Google Launches Verification Badges for Security Tested VPN Apps

By Deeba Ahmed The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps.  This is a post from HackRead.com Read the original post: Google Launches Verification Badges for Security Tested VPN Apps

CVE-2023-5950: Release Release 0.7.0 · Velocidex/velociraptor

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).

SecuriDropper: New Android Dropper-as-a-Service Bypasses Google's Defenses

Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed by Google and delivers the malware. Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]

Okta's Recent Customer Support Data Breach Impacted 134 Customers

Identity and authentication management provider Okta on Friday disclosed that the recent support case management system breach affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023, and ultimately accessed HAR files containing session tokens that could be used for session hijacking attacks. "The

CVE-2023-36034

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability