Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Crypto and Cybersecurity: The Rising Threats and Why Reliable Wallets Matter

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

HackRead
Open in Source
#vulnerability#web#ios#google#git#auth
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

The National Institute of Standards and Technology Braces for Mass Firings

Approximately 500 NIST staffers, including at least three lab directors, are expected to lose their jobs at the standards agency as part of the ongoing DOGE purge, sources tell WIRED.

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide

FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.

GHSA-m5mf-3963-4x26: Authelia applies regulation separately to Username-based logins to Email-based logins

### Summary If users are allowed to sign in via both username and email the regulation system treats these as separate login events. This leads to the regulation limitations being effectively doubled assuming an attacker using brute-force to find a user password. It's important to note that due to the effective operation of regulation where no user-facing sign of their regulation ban being visible either via timing or via API responses, it's effectively impossible to determine if a failure occurs due to a bad username password combination, or a effective ban blocking the attempt which heavily mitigates any form of brute-force. ### Details This occurs because the records and counting process for this system uses the method utilized for sign in rather than the effective username attribute. ### Impact This has a minimal impact on account security, this impact is increased naturally in scenarios when there is no two-factor authentication required and weak passwords are used. This make...

Hackers Tricking Users Into Linking Devices to Steal Signal Messages

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn…

What Is the Board's Role in Cyber-Risk Management in OT Environments?

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

Google now allows digital fingerprinting of its users

Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.