14 matches found
WordPress plugin Security Ninja security vulnerability
WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...
Pterodactyl security vulnerability
Pterodactyl is an open source game server administration panel built using PHP, Node.js and Go. A security vulnerability exists in Pterodactyl versions prior to 1.11.8 that stems from passwords being recorded in plaintext in logs when a user disables two-step authentication; if a malicious user...
Rittal CMC III Access systems
1. EXECUTIVE SUMMARY CVSS v3 4.8 Vendor: Rittal Equipment: CMC III Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to open control cabinets secured with Rittal locks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rittal...
8 ways to improve security on smart home devices
Every so often, a news story breaks that hackers have made their way into a smart home device and stolen personal data. Or that vulnerabilities in smart tech have been discovered that allow their producers or other cybercriminals to spy on customers. We've seen it play out over and over with smar...
JVN#27137002: IIJ SmartKey App for Android vulnerable to authentication bypass
IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication (two-factor authentication) for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability (CWE-287). Impact: An attacker m...
Is Your Mobile Carrier Your Weakest Link?
More online services than ever now offer two-step authentication -- requiring customers to complete a login using their phone or other mobile device after supplying a username and password. But with so many services relying on your mobile for that second factor, there has never been more riding o...
Yahoo Deploys Passwordless Account Key Tool
In hopes of eliminating the password, at least on the company’s mobile apps, Yahoo on Friday deployed a stable version of its Account Key mechanism. The feature, essentially two-step authentication—without the first step—allows Yahoo users to log into the company’s Finance, Fantasy, Mail,...
Automattic: Verification code issues for Two-Step Authentication
Hi there, I noticed two issues regarding the verification code that is sent to the phone as Two-Step Authentication for WordPress accounts. I found out that the verification code sent as SMS while enabling Two-Step Authentication can be reused infinitely for login. Issue 1: The application does not...
Iranian Gmail users targeted by politically motivated phishing attack
Google says tens of thousands of Gmail accounts belonging to Iranian users have been targeted in a politically motivated hacking campaign in the weeks leading up to the country's closely watched presidential elections. For the last three weeks, the search giant said it has "detected and disrupte...
SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm (also called "Two Step Authentication" or "Multi-Factor Authentication") support to user logins. It works with Google's Authenticator app system and supports most if not all OATH based HOTP/TOTP systems. Accidental removal of...
Syrian Electronic Army Hijacks The Guardian's Twitter Accounts
The Guardian's Twitter accounts have been taken over by pro-Syrian government hackers 'Syrian Electronic Army', who previously targeted the Associated Press, BBC, al-Jazeera, the Qatari government and National Public Radio in the United States, as well as France 24 TV. "We are aware that a number...
Malware called 'Eurograbber' steals 36 million Euros
A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European...
Malware called 'Eurograbber' steals 36 million Euros
A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European...
Google Adds Two-Factor Verification to Gmail
Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail...