#auth

By Waqas The teasure trove of highly sentisive data is being sold for just $3,000 in Monero (XMR) cryptocurrency on Breach Forums. This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.

By Deeba Ahmed Major Retailers Selling Video Doorbells with Serious Security Flaws, Consumer Reports Warns. This is a post from HackRead.com Read the original post: Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.

Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.

By Deeba Ahmed Cisco announced patches for high-severity vulnerabilities on Wednesday, March 6, 2024. This is a post from HackRead.com Read the original post: Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris operate multiple Russian-language dating services and affiliate programs. It also appears many of their businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.

Users of JetBrains TeamCity on-prmises server need to deal with two serious vulnerabilities.

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF