Tag

#web

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an

The Hacker News
#web #google #oauth #auth #chrome #The Hacker News

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,

Oops! Black Basta ransomware flubs encryption

Researchers have found a flaw in the Black Basta ransomware encryption algorithm, allowing decryption of some files.

Gentoo Linux Security Advisory 202401-01

Gentoo Linux Security Advisory 202401-1 - A vulnerability has been found in Joblib which allows for arbitrary code execution. Versions greater than or equal to 1.2.0 are affected.

DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01

This week on the Lock and Code podcast, we speak with Suzanne Bernstein about DNA privacy and protecting data from hackers.

Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of Data Stolen

By Waqas. Snappfood has acknowledged the cyber attack, leading to a massive data breach. This is a post from HackRead.com.

Ubuntu Security Notice USN-6563-1

Ubuntu Security Notice 6563-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could potentially exploit this issue to spoof an email message.

Ubuntu Security Notice USN-6562-1

Ubuntu Security Notice 6562-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code.

Ultra Mini HTTPd 1.21 Denial Of Service

Ultra Mini HTTPd version 1.21 suffers from a denial of service vulnerability.

Red Hat Security Advisory 2024-0025-03

Red Hat Security Advisory 2024-0025-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.