
Tag

#web

How Blockchain Games Ensure Transparency and Fairness

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that…

HackRead
#web #git #auth
Macs targeted by infostealers in new era of cyberthreats

Info stealers are thriving on Mac, with one specific variant accounting for 70% of all info stealer detections at the end of 2024.

Xerox Versalink Printers Vulnerabilities Could Let Hackers Steal Credentials

Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update…

$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit

A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access.

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

China-Linked Threat Group Targets Japanese Orgs' Servers

Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.

GHSA-vq63-8f72-f486: AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass

### Description

Authentication using Spid and CIE is based on the SAML2 standard, which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider; essentially, it is responsible for managing user credentials and identity. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user; it receives SAML assertions from the IdP to grant access to resources. The library `cie-aspnetcore` refers to the second entity, i.e. the SP, and implements the validation logic of the SAML assertions present within the SAML response. The following is a summary diagram of an authentication flow via SAML: ![](https://github.com/user-attachments/assets/5b10c8f8-5121-446f-95f8-c0355daa5959) As shown in the diagram, the IdP, after verifying the user's credentials, generates a signed SAML response; this is propagated to the SP by the use...

GHSA-36h8-r92j-w9vw: The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass

### Description

Authentication using Spid and CIE is based on the SAML2 standard, which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider; essentially, it is responsible for managing user credentials and identity. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user; it receives SAML assertions from the IdP to grant access to resources. The library `spid-aspnetcore` refers to the second entity, i.e. the SP, and implements the validation logic of the SAML assertions present within the SAML response. The following is a summary diagram of an authentication flow via SAML: ![](https://github.com/user-attachments/assets/5b10c8f8-5121-446f-95f8-c0355daa5959) As shown in the diagram, the IdP, after verifying the user's credentials, generates a signed SAML response; this is propagated to the SP by the us...

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.