Tag

#git

Former NSA Employee Faces Life in Prison After Espionage Attempt

The ex-employee claimed that he believed the shared information would benefit Russia and harm the US.

DARKReading
#vulnerability #git

The Evolution of Influencer Marketing in Manchester, UK

By Owais Sultan. Dive into Manchester’s vibrant influencer marketing scene. Discover key strategies, leading influencer marketing agencies, and how brands are… This is a post from HackRead.com.

GHSA-r2hw-74xv-4gqp: Nautobot vulnerable to exposure of hashed user passwords via REST API

### Impact

In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints.

> The passwords are *not* exposed in plaintext.

> Nautobot 1.x is *not* affected by this vulnerability.

Example:

```
GET /api/users/permissions/?depth=1
HTTP 200 OK
API-Version: 2.0
Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
```

```json
{
    "count": 1,
    "next": null,
    "previous": null,
    "results": [
        {
            "id": "28ea85e4-5039-4389-94f1-9a3e1c787149",
            "object_type": "users.objectpermission",
            "display": "Run Job",
            "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/",
            "natural_slug": "run-job_28ea",
            "object_types": [
                "extras.job"
            ],
            "name": ...
```

15 Best SaaS SEO Experts That Will Help You Dominate Online

By Owais Sultan. Looking for a SaaS SEO consultant? We’ve rounded up the top 15 SaaS SEO experts you need to… This is a post from HackRead.com.

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.

Cyberattacks on Kenya Drop in Third Quarter

National response team attributes reduction to a cyber workforce with better training.

VMWare Aria Operations For Networks SSH Private Key Exposure

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022, where he had Top Secret clearance to access sensitive documents. The latest development comes more

Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.