147 matches found
23andMe to pay $30 million in settlement over 2023 data breach
Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. In October 2023, we reported on how information belonging to as many as seven...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a possible overflow of a variable in a compensation function due to a displacement operation...
Infosys Data Breach Impacts 57,000 Bank of America Customers
By Waqas Bank of America customers participating in deferred compensation plans are the main victims of this data breach. This is a post from HackRead.com Read the original post: Infosys Data Breach Impacts 57,000 Bank of America Customers...
5 Surprising facts from the Cloud Security Salary Guide
Wiz is releasing a new report providing insight into various jobs in the field of cloud security and compensation packages they offer; here are 5 key facts from our data...
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics...
US Facebook users can now claim Cambridge Analytica settlement cash
US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...
Uber data theft: Driver info stolen after law firm breached
Uber, yet again, has become a victim of data theft following a third-party breach. This time, threat actors have aimed at the company's law firm, Genova Burns. Data of Uber's drivers may have been swiped during the security incident. According to the letter sent to affected drivers, the firm beca...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
libde265 代码问题漏洞
Libde265 is a German h.265 video codec. A security vulnerability exists in libde265 version v1.0.10, which stems from a NULL pointer dereference issue found in the ffhevcputunweightedpred8sse method of the sse-motion.cc file...
SUSE CVE-2006-4924
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service CPU consumption via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector...
Deficiency of slashed GGP amount should be made up from node operator's AVAX
Lines of code Vulnerability details Impact If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...
I’m Now a Full-Time Professional Open Source Maintainer
or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats Go cryptography, transparency tooling, age, mkcert, yubikey-agent…, iterated on the model since September, and ...
New T-Mobile Breach Affects 37 Million Accounts
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...
Users can avoid paying gas fees
Lines of code Vulnerability details Impact User can avoid paying gas fees by setting gasPrice to 1 wei and gasLimit to 0. Operators will not receive a gas compensation. Also, fallback operators won't be able to pick up such jobs. Proof of Concept 1. Bridging out is a public function that can be...
If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway
Lines of code Vulnerability details During the beaming process the user compensates the operator for the gas he has to pay by sending some source-chain-native-tokens via hToken. The amount he has to pay is determined according to the gasPrice set by the user, which is supposed to be the maximum g...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission SEC announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17b of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...
IT security: An opportunity to raise corporate governance scores
What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...
IT security: An opportunity to raise corporate governance scores
What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...
Fake job offer leads to $600 million theft
Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and...
Malicious Package
Overview compensation-calculator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...