#security-flaw

#cybersecurity

Researchers crack Microsoft Azure MFA within an hour

Unauthorized access to Microsoft accounts via MFA flaw; 400M accounts exposed.
Researchers quickly bypassed MFA protection due to lack of rate limit on failed attempts.
Microsoft implemented stricter measures post-discovery to safeguard user accounts.

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw

Active exploitation of a severe flaw in Zimbra Collaboration has begun, emphasizing the need for prompt security updates to prevent unauthorized command execution.

#pixel-phones

That massive Pixel security flaw has been patched

The security flaw in Pixel phones was due to an app called showcase.apk, which had high privileges and could pose serious risks.
Google has rolled out an update to remove the vulnerable showcase.apk from affected Pixel phones. It had potential implications for user privacy and security.

That massive Pixel security flaw reported last month has been patched

Google's latest update eliminates a serious security flaw affecting Pixel phones due to a pre-installed application, showcasing proactive measures to safeguard user data.


New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devices

A Windows vulnerability in the CLFS.sys driver can crash systems; it is rated medium severity and requires low privilege but local access to exploit.
#vulnerability

Outdated AMD chips reportedly won't get a patch for the 'Sinkclose' security flaw

Not all AMD chips affected by Sinkclose flaw will receive updates; some older products are outside AMD's support window.

Chrome, Firefox, Safari patch 0.0.0.0 security hole

A major security flaw named 0.0.0.0 Day is present in various web browsers on macOS and Linux, allowing unauthorized access to local services.

#data-breach

Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised? | TechCrunch

TheTruthSpy, a consumer-grade spyware operation, has a security flaw that allows for mass access to victims' stolen mobile device data.
Hacking groups SiegedSec and ByteMeCrew independently discovered and exploited the flaw, and they have not publicly released the breached data.

Rabbit R1 security issue allegedly leaves sensitive user data accessible to anybody

The team behind Rabbitude discovered critical security flaws in Rabbit R1's code, potentially compromising user data and device functionality.

Security flaws discovered in a popular web analytics provider

A security flaw in Hotjar highlighted by Salt Security reveals potential vulnerabilities with OAuth integration and XSS attacks.


Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A security flaw in Microsoft Defender SmartScreen was exploited to distribute information stealers like ACR Stealer, Lumma, and Meduza, targeting various countries.

GitHub Enterprise Server patches critical vulnerability

GitHub patched a severe security flaw affecting its Enterprise Server software, with a CVSS severity score of 10 out of 10.

Two students uncover security bug that could let millions do their laundry for free | TechCrunch

A university pair discovered a security flaw in internet-connected laundry machines allowing free cycles; the vendor ignored requests for fixes.

AWS patches S3 storage flaw that racked up huge bills for customers

AWS fixed an S3 storage flaw resulting in unauthorized requests and high bills for customers.

GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs - DevOps.com

GitLab urges immediate upgrade to fix critical security flaw allowing malicious pipeline execution.