Security Headlines

Tag: #auth

Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto

Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…

HackRead
Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.

Microsoft Takes Action Against Phishing-as-a-Service Platform

The ONNX infrastructure has been servicing criminal actors as far back as 2017.

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

### Summary

A server-side request forgery vulnerability was found within GeoNode when testing on a bug bounty program. Server-side request forgery allows a user to request information on the internal service or services.

### Details

The endpoint /proxy/?url= does not properly protect against SSRF. When using the following format you can request internal hosts and display data: /proxy/?url=http://169.254.169.254\@whitelistedIPhere. This will state whether the AWS internal IP is alive. If you get a 404, the host is alive. A non-alive host will not display a response. To display metadata, use a hash fragment on the URL: /proxy/?url=http://169.254.169.254\@#whitelisteddomain.com or try /proxy/?url=http://169.254.169.254\@%23whitelisteddomain.com

### Impact

Port scan internal hosts, and request information from internal hosts.

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

### Impact

Flowise allows developers to inject configuration into the Chainflow during execution through the `overrideConfig` option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a **major** security vulnerability. While this feature is intentional, it should have strong protections added and be disabled by default. These issues include:

1. Remote code execution. While inside a sandbox this allows for
   1. Sandbox escape
   2. DoS by crashing the server
   3. SSRF
2. Prompt Injection, both System and User
   1. Full control over LLM prompts
   2. Server variable and data exfiltration

And many many more such as altering the flow of a conversation, prompt exfiltration via LLM proxying etc. These issues are self-targeted and do not persist to other users but do leave the server and business exposed. All issues are shown with the API but also work with the web embed.

### Workarounds

- `overrideC...

Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play

Dazz's remediation engine will boost risk management in Wiz's cloud security portfolio.

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on

The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.