#git

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.

SUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools…

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from [CVE-2023-40273](https://github.com/advisories/GHSA-pm87-24wq-r8w9) which was addressed in Apache-Airflow 2.7.0 Users are recommended to upgrade to version 1.5.2, which fixes the issue.

The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

### Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input (such as user comments) to be parsed and handled safely by the PHP-Textile library. In restricted mode, the version 4.1.2 of the library does not sanitize or validate user-controllable href input in image links, but allows any link protocol or JavaScriptt links to be used. The vulnerability allows an attacker to add malicious JavaScript code to the page which is then executed when an unexpecting user clicks the link. In non-restricted mode, the library allows mixed HTML input, and any link protocol by design. In restricted mode, text links were already handled correctly and the vulnerability only affects image links. ### Resolution This issue was fixed in PHP-Textile version 4.1.3. Version 4.1.3 disallows use of JavaScript in image links when the ...

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

### Impact Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. ### Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The [docker images](https://hub.docker.com/r/wgportal/wg-portal) for the tag 'latest' built from the master branch also include the fix.

### Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. ### Patches matrix-sdk-crypto 0.8.0 adds a new `VerificationLevel::VerificationViolation` enum variant which indicates that a previously verified identity has been changed. ### Workarounds N/A ### References - Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795