Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Section 702 Surveillance Fight Pits the White House Opposite Reproductive Rights

Prominent advocates for the rights of pregnant people are urging members of Congress to support legislation that would ban warrantless access to sensitive data as the White House fights against it.

Wired
Open in Source
#ios#intel#auth
How are attackers using QR codes in phishing emails and lure documents?

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

Zero-Day in QNAP QTS Affects NAS Devices Globally

By Deeba Ahmed QNAP has released fixes for the zero-day vulnerability, so it's important to install them immediately. This is a post from HackRead.com Read the original post: Zero-Day in QNAP QTS Affects NAS Devices Globally

GHSA-3hv4-r2fm-h27f: Email Validation Bypass And Preventing Sign Up From Email's Owner

### Summary Email validation can easily be bypassed because `verify_email_enabled` option enable email validation at sign up only. A user changing it's email after signing up (and verifying it) can change it without verification in `/profile`. This can be used to prevent legitimate owner of the email address from signing up. Another way to prevent email's owner from signing up is by setting Username as an email: When a new user is registrering, they can set two different email addresses in the Email and Username field, technically having 2 email addresses (because Grafana handles usernames and emails the same in some situations), but only the former is validated. ![](https://user-images.githubusercontent.com/44581623/282073913-c1a8c20b-b6c3-46eb-840c-9e0dae718a2a.png) Here user a prevents owner of [email protected] to signup. ### Details I don't know exact location but this is related to PUT /api/user handler. ### PoC Bypass email validation: * Start a new grafana instance using lat...

TheTruthSpy stalkerware, still insecure, still leaking data

Stalkerware app TheTruthSpy has been hacked for the fourth time, once again leaking the sensitive data it captures.

Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions

By Owais Sultan Beneath the surface of those analytical gear lies a crucial element that regularly shapes the future of investments… This is a post from HackRead.com Read the original post: Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions

Ransomware review: February 2024

In January, we recorded a total of 261 ransomware victims.

AI-generated voices in robocalls are illegal, rules FCC

The FCC has ruled that the use of AI generated voices in robocalls is illegal, by considering them as artificial under the Telephone Consumer Protection Act.

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely

A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics.