
Tag

#ios

GHSA-m5mf-3963-4x26: Authelia applies regulation separately to Username-based logins to Email-based logins

### Summary

If users are allowed to sign in via both username and email, the regulation system treats these as separate login events. This effectively doubles the regulation limits for an attacker using brute force to find a user's password. It's important to note that regulation gives no user-facing sign of a ban, either via timing or via API responses, so it's effectively impossible to determine whether a failure occurs due to a bad username and password combination or an effective ban blocking the attempt, which heavily mitigates any form of brute force.

### Details

This occurs because the records and counting process for this system uses the method utilized for sign in rather than the effective username attribute.

### Impact

This has a minimal impact on account security; this impact is increased naturally in scenarios when there is no two-factor authentication required and weak passwords are used. This make...

Hackers Tricking Users Into Linking Devices to Steal Signal Messages

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn…

What Is the Board's Role in Cyber-Risk Management in OT Environments?

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

Google now allows digital fingerprinting of its users

Google is allowing its advertising customers to fingerprint website visitors. Can you stop it?

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.

Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know

At least eight ongoing lawsuits related to the so-called Department of Government Efficiency’s alleged access to sensitive data hinge on the Watergate-inspired Privacy Act of 1974. But it’s not airtight.

Hard drives containing sensitive medical data found in flea market

A flea market buyer found medical information about hundreds of patients on second-hand decommissioned hard drives.

The Official DOGE Website Launch Was a Security Mess

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Scammers Exploit JFK Files Release with Malware and Phishing

Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…

ClearML and Nvidia vulns

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort