Security
Headlines
HeadlinesLatestCVEs

Tag

#web

IdeaSoft To Launch an Innovative Perpetual DEX on INTMAX’s Open-source L2 Plasma Next

By Uzair Amir Building on Plasma Next would make the DEX as convenient as CEX for trading with low fees, slippage, and waiting period. This is a post from HackRead.com Read the original post: IdeaSoft To Launch an Innovative Perpetual DEX on INTMAX’s Open-source L2 Plasma Next

HackRead
#web#js#git#samba
The Power of ISP Proxies: Unlocking Local Content and Resources

By Owais Sultan Modern advancements have tilted the world into a tightly-knit web. Accessing localized content and resources can be hard… This is a post from HackRead.com Read the original post: The Power of ISP Proxies: Unlocking Local Content and Resources

Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

New iMessage Phishing Campaign Targets Postal Service Users Globally

By Waqas Some of the known targets of this iMessage phishing campaign are USPS (the United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users Globally

Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR

How experts uncovered a years-long SolarMarker attack on a K-12 district

GHSA-r75m-26cq-mjxc: Serverpod improved security for stored password hashes

## Description ### Improved security for stored password hashes Serverpod now uses the OWASP, [source](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#introduction), recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod `1.2.6` all users that either creates an account or authenticates with the server will have their password stored using the safer algorithm. No changes are required from the developer to start storing passwords using the safer algorithm. ### Why did we change how passwords are stored? An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. It is strongly recommended to migrate your existing password hashes. ### Migrate existing password hashes The email authentication module provides a helper method to migrate all the existing legacy password hashes in the database. Simply cal...

GHSA-h6x7-r5rg-x5fw: Serverpod client accepts any certificate

This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. ### Impact All versions of `serverpod_client` pre `1.2.6` ### Patches Upgrading to version `1.2.6` resolves this issue.

Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’ Game

By Uzair Amir Wilder World, a massively multiplayer online metaverse, is now available for wishlisting on the Epic Games Store, a… This is a post from HackRead.com Read the original post: Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’ Game

PyPI Suspends New Projects and Users Due to Malicious Packages

By Waqas Are you a Python developer? Here's what you need to know! This is a post from HackRead.com Read the original post: PyPI Suspends New Projects and Users Due to Malicious Packages

Facebook spied on Snapchat users to get analytics about the competition

Facebook is accused of using potentially criminal methods to spy on Snapchat users to gain a commercial advantage over its competition.