Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Dropbox Sign customer data accessed in breach

After a breach in the Dropbox Sign environment, customer information may have been stolen and API users have restricted functionality

Malwarebytes
#web#git#oauth#auth
What can we learn from the passwords used in brute-force attacks?

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”

GHSA-rcm2-22f3-pqv3: Firebase vulnerable to CRSF attack

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or [commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0](https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0).

The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Watch out for tech support scams lurking in sponsored search results

Our researchers found fake sponsored search results that lead consumers to a typical fake Microsoft alert site set up by tech support scammers.

Ubuntu Security Notice USN-6747-2

Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use...

htmlLawed 1.2.5 Remote Command Execution

htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

The hacker behind the extortion of mental health clinic Vastaamo and its clients has been convicted to over 6 years in jail.

LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

By Cyber Newswire Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience   This is a post from HackRead.com Read the original post: LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

CyberPower PowerPanel

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: CyberPower Equipment: PowerPanel Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a Recoverable Format, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Use of Hard-coded Cryptographic Key, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, writing arbitrary files to the server and achieving code execution, gaining access to services with the privileges of a PowerPanel application, gaining access to the testing or production server, learning passwords and authenticating with user or administrator privileges, injecting SQL syntax, writing arbitrary files to the system, executing remot...