Tag
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@
minaliC version 2.0.0 suffers from a denial of service vulnerability.
By Deeba Ahmed Buy Your Verified Scam: Researchers Expose Twitter Gold Account Black Market. This is a post from HackRead.com Read the original post: Scammers Selling Twitter (X) Gold Accounts Fueling Disinfo, Phishing
Microsoft decided to disable App Installer links by default after it noticed several access brokers using the handler to spread malware.
By Waqas Despite Google's proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally. This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an
By Deeba Ahmed An attacker with access to a Kubernetes cluster could chain two vulnerabilities in Google Kubernetes Engine (GKE) to escalate privileges and take over the cluster. This is a post from HackRead.com Read the original post: Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover
### Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "inconspicuous@example.org". This Microsoft or Google account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is "example.org". In Google, this attack is partially mitigated because Google requires users to verify ownership of their Google account. However, a valid user is able to create multiple distinct Hail Batch accounts by creating multiple distinct Google accounts using email addresses of the form "real_user_email_name+random_id@example.org". In Microsoft, this attack requires Azure AD Administrator access to an Azure AD Tenant. The Azure AD Administrator is permitted to change the email address of an account to any other email address without verification. An ...
By Waqas Snappfood has acknowledged the cyber attack, leading to a massive data breach. This is a post from HackRead.com Read the original post: Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of Data Stolen
FTPDMIN version 0.96 suffers from a denial of service vulnerability.