openSUSE Security Update : alpine (openSUSE-2021-675)

This update for alpine fixes the following issues : Update to release 2.24 - A few crash fixes - Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 - Expansion of the configuration screen for XOAUTH2 to include username, and tenant. - Alpine uses the domain in the From: header of...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

Sifchain: No Valid SPF Records at sifchain.finance

Hello, There is any issue No valid SPF Records Desciprition : There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing...

OPENSUSE-SU-2021:0675-1 Security update for alpine

This update for alpine fixes the following issues: Update to release 2.24 A few crash fixes Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 Expansion of the configuration screen for XOAUTH2 to include username, and tenant. Alpine uses the domain in the From: header of a messag...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0675-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

Hackers using malicious Firefox extension to phish Gmail credentials

By Waqas The malicious Firefox extension is called FriarFox which is also being used by Chinese hackers to spy on Tibetan activists. This is a post from HackRead.com Read the original post: Hackers using malicious Firefox extension to phish Gmail credentials...

Malicious Mozilla Firefox Extension Allows Gmail Takeover

A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known...

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla...

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla...

Hybrid, Older Users Most-Targeted by Gmail Attackers

Users whose personal details have been exposed by a third-party breach, Australians, older folks and those who use both desktops and mobile devices are at the highest risk of becoming the victim of a malicious email attack, according to Google and researchers from Stanford, who teamed up to...

Google, YouTube, Gmail service suffered major outage worldwide

By Deeba Ahmed Google states that the problem is fixed now, and all services are back online for most users. Let us know if these services are back in your area. This is a post from HackRead.com Read the original post: Google, YouTube, Gmail service suffered major outage worldwide...

Moriarty-Project - This Tool Gives Information About The Phone Number That You Entered

What IS Moriarty? Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the phone number that you provieded; -Tries To Find Owner Of The Number -Tries To Find Risk Level Of The Number -Tries To Find Location,Time Zone Of The Number,Carrier -Tri...

GHSA-C7PP-G2V2-2766 DOM-based XSS in gmail-js

Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parseresponse, helper.get.visibleemailspost, and helper.get.emaildatapost functions, which pass user input directly into the Function constructor. Recommendation Update to version 0.6.5 or later...

DOM-based XSS in gmail-js

Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parseresponse, helper.get.visibleemailspost, and helper.get.emaildatapost functions, which pass user input directly into the Function constructor. Recommendation Update to version 0.6.5 or later...

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...

Google vulnerability allowed sending spoofed emails with Gmail ID

By Sudais Asif Google fixed the vulnerability after the security researcher ended up disclosing its technical details online. This is a post from HackRead.com Read the original post: Google vulnerability allowed sending spoofed emails with Gmail ID...

Dropcontact: User registration using public domain email like gmail in place of professional email.

Like sais in the title, we were only checking and restricting professional email in frontend, which led to being able to register with an email which is not pro because we were not checking this info in the backend. User was able to register with public domain email like gmail by response...

How Thousands of Misplaced Emails Took Over This Engineer's Inbox

Kenton Varda gets dozens of messages a day from Spanish-speakers around the world, all thanks to a Gmail address he registered 16 years ago...

‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials

“Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. Researchers with Google’s Threat Analysis Group TAG warned that they’ve spotted a...

Turla APT Revamps One of Its Go-To Spy Tools

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan RAT to attack governmental targets. Turla a.k.a. Snake, Venomous Bear, Waterbug or Uroboros, is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...