Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices

Scammers are exploiting DocuSign’s APIs to send realistic fake invoices, primarily targeting security software like Norton. This phishing…

HackRead
Open in Source
#ios#mac#google#microsoft#git#auth
Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s

NAKIVO Backup for MSP: Best Backup Solution for MSPs

Explore the features of the NAKIVO MSP backup solution. Choose the best MSP backup software to protect client…

Florida Man Accused of Hacking Disney World Menus, Changing Font to Wingdings

Plus: Cops take down a notorious infostealer, Strava leaks world leaders’ locations, and a hacking scandal is causing chaos in Italy.

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.

Azure AI Vulnerabilities Allowed Attacks to Bypass Moderation Safeguards

Mindgard researchers uncovered critical vulnerabilities in Microsoft’s Azure AI Content Safety service, allowing attackers to bypass its safeguards…

IT Security Centralization Makes the Use of Industrial Spies More Profitable

As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.

Ping Identity PingIDM 7.5.0 Query Filter Injection

Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).

Debian Security Advisory 5801-1

Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.