282 matches found
XKCD Forum Hacked – Over 562,000 Users' Account Details Leaked
XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users. The security breach occurred two months ago, according to security researcher Tr...
CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
Default credentials
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
Timing Attack
BCrypt.Net-Core is vulnerable to timing attacks. The library does not compare the password hash in constant time, allowing a malicious user to use the timing of the request to progressively identify a valid hash...
Timely Password-Change Call from Twitter, as Bugs Hit WebEx and GPON routers
The cyber security news cycle is always active, so to help you stay in the loop here’s a selection of incidents that caught our attention over the past week or so involving, among others, Twitter, Cisco and GPON routers. Twitter picks a good day for password-change call As “change your password”...
Change Your Twitter Password Immediately, Bug Exposes Passwords in Plaintext
Twitter is urging all of its 330 million users to change their passwords after a software glitch unintentionally exposed its users' passwords by storing them in readable text on its internal computer system. The social media network disclosed the issue in an official blog post and a series of...
Twitter Urges Users to Change Passwords Due to Glitch
Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling to change their passwords. The social media company said that it found and has fixed the glitch, and its investigation shows no indication of a...
CVE-2017-15536
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...
Design/Logic Flaw
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...
WordPress Apocalypse Meow plugin <=21.2.7 - BCrypt Authentication Bypass vulnerability
BCrypt Authentication Bypass vulnerability found by Steve Sc00bzT in WordPress Apocalypse Meow plugin versions <=21.2.7. Solution: Update the WordPress Apocalypse Meow plugin to the latest available version (at least 21.2.8)...
Apocalypse Meow 21.1.3-21.2.7 - BCrypt Authentication Bypass
Requires bcrypt to be enabled...
CVE-2015-3454
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack...
CVE-2015-3454
TelescopeJS prior to version 0.15 leaks user bcrypt password hashes in websocket messages, which an attacker could obtain through a cross-site scripting attack. This is documented in CVE-2015-3454 (NVD). The available sources corroborate that the vulnerability involves leaking password hash data ...
Nextcloud: Android content provider exposes password-protected share password hashes
Summary: Nextcloud Android client v1.4.3 has a globally available content provider which exposes the bcrypt password hashes for password-protected shared files and folders. Description: Android apps can use a content provider to handle storage and retrieval of data. Content providers that are...
Atlassian's HipChat Hacked — Users' Data May Have Been Compromised
Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs. What Happened? According to a security notice published o...
DailyMotion Hack Leaks Emails, Passwords of 87M Users
DailyMotion, a popular video sharing website, said Tuesday it recently suffered an “external security problem” resulting in the compromise of an unspecified number of its users’ data. LeakedSource.com, a repository of breached data, added DailyMotion to its list of “Hacked Sites” on Monday. The...
DailyMotion Hacked — 85 Million User Accounts Stolen
Another day, another data breach. This time the popular video sharing platform DailyMotion has allegedly been hacked and tens of millions of users' information has been stolen. Breach notification service LeakedSource announced the data breach on Monday after the company obtained 85.2 Million recor...
Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
Overview: Cryptography API: Next Generation (CNG) contains an issue in BCryptDecrypt, which may result in a denial-of-service (DoS). ASHINO, Yuki of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...