#ios

Google and Apple are pushing forward on industry guidelines to stop the sue of Bluetooth devices for unwanted tracking

### Impact Since version 2.11.1, Scrapy drops the `Authorization` header when a request is redirected to a different domain. However, it keeps the header if the domain remains the same but the scheme (http/https) or the port change, all scenarios where the header should also be dropped. In the context of a man-in-the-middle attack, this could be used to get access to the value of that `Authorization` header ### Patches Upgrade to Scrapy 2.11.2. ### Workarounds There is no easy workaround for unpatched versions of Scrapy. You can replace the built-in redirect middlewares with custom ones patched for this issue, but you have to patch them yourself, manually. ### References This security issue was reported and fixed by @szarny at https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a/.

### Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication **if the `autologinLocal` option is enabled** within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, by spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. ### Patches The vulnerability has been patched in version 1.10.1. ### Workaround Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet. ### PoC 1. Enable the `autologinAs` configuration within the `accessControl` section in the [OctoPrint yaml configuration file](https://docs.octoprint.org/en/master/configuration/config_yaml.html#access-control) 2. Set your browser to add the `X-Forwarded-F...

By Deeba Ahmed Android Security Alert- Hackers are disguising malware as popular apps like Instagram and Snapchat to steal your login details. Learn how to identify fake apps and protect yourself from this sneaky cyberattack. This is a post from HackRead.com Read the original post: Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "

By Cyber Newswire London, United Kingdom, May 13th, 2024, CyberNewsWire Logicalis, the global technology service provider delivering next-generation digital managed services,… This is a post from HackRead.com Read the original post: Logicalis enhances global security services with the launch of Intelligent Security

Amid a rising tide of adversary drones and missile attacks, laser weapons are finally poised to enter the battlefield.

The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.

Debian Linux Security Advisory 5682-2 - The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue.

By Waqas Discover the future of phishing email training, including personalized simulations, gamification, AI, and realistic scenarios. Empower your employees to combat evolving cyber threats and protect your organization. This is a post from HackRead.com Read the original post: The Future of Phishing Email Training for Employees in Cybersecurity