Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the target...
An AI plush toy exposed thousands of private chats with children
Bondu’s AI plush toy exposed a web console that let anyone with a Gmail account read about 50,000 private chats between children and their cuddly toys. Bondu's toy is marketed as: “A soft, cuddly toy powered by AI that can chat, teach, and play with your child.” What it doesn’t say is that anyone...
EUVD-2017-11853
Malware in sbrugna...
EUVD-2014-2334
Malware in sbrugna...
EUVD-2024-0822
Malicious code in bioql PyPI...
New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique...
GHSA-3PG4-QWC8-426R OpenRefine leaks Google API credentials in releases
Impact OpenRefine releases contain Google API authentication keys "client id" and "client secret" which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on linux. It contains the file...
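The practical follow-up to an advisory like the one above is to check your own release artifacts for the same class of leak before they ship. The scanner below is an added example, not OpenRefine's code: it builds a constructed zip archive in memory (the file names and values are made up, and the secret is a placeholder), descends into nested jar/zip members the way a release tarball wraps its libraries, and reports anything shaped like a Google OAuth client ID or a `client_secret` assignment.

```python
"""Scan a release archive for embedded Google OAuth client credentials.

Added example, not OpenRefine's own tooling. The archive layout built by
build_sample_release() is constructed for illustration.
"""
import io
import re
import zipfile

# Google OAuth client IDs have a fixed shape: <digits>-<hex-ish>.apps.googleusercontent.com
CLIENT_ID_RE = re.compile(r"\b\d+-[a-z0-9]+\.apps\.googleusercontent\.com\b")
# Secrets have no reliable shape, so match on the key name in JSON/properties/YAML-style assignments.
CLIENT_SECRET_RE = re.compile(r"""client[_.-]?secret["']?\s*[:=]\s*["']([^"'\s]+)["']""", re.I)

NESTED_ARCHIVE_SUFFIXES = (".jar", ".zip", ".war")


def scan_archive(data: bytes, prefix: str = "") -> list[tuple[str, str, str]]:
    """Return (path, kind, value) for every credential-looking string found.

    Nested archives are recursed into; their members are reported as outer!inner.
    """
    findings: list[tuple[str, str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):  # directory entry
                continue
            blob = zf.read(name)
            path = prefix + name
            if name.lower().endswith(NESTED_ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(blob, path + "!"))
                continue
            # Binary members decode with gaps; string literals inside them still surface.
            text = blob.decode("utf-8", errors="ignore")
            for m in CLIENT_ID_RE.finditer(text):
                findings.append((path, "client_id", m.group(0)))
            for m in CLIENT_SECRET_RE.finditer(text):
                findings.append((path, "client_secret", m.group(1)))
    return findings


def build_sample_release() -> bytes:
    """Constructed release archive: a README plus a jar carrying a config file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr(
            "conf/google.json",
            '{"client_id": "123456789012-abc123def456.apps.googleusercontent.com",\n'
            ' "client_secret": "PLACEHOLDER-NOT-A-REAL-SECRET"}\n',
        )
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("release/README.txt", "no credentials here\n")
        zf.writestr("release/lib/oauth.jar", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, kind, value in scan_archive(build_sample_release()):
        print(f"{kind:14} {path}: {value}")
```

Run it against a real artifact with `scan_archive(open("release.zip", "rb").read())`; a hit on `client_secret` in a public download means the credential is already compromised and should be rotated, not just removed from the next build.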
Authentication Bypass
oauthenticator is vulnerable to Authentication Bypass. The vulnerability exists due to insufficient validation of Google accounts, which allowed access to accounts created by anyone with an email address ending in a specified domain...
CVE-2024-29033
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
GHSA-55M3-44XF-HG4H GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
Summary and impact: GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domains. The...
PT-2024-22686
Name of the Vulnerable Software and Affected Versions: oauthenticator versions prior to 16.3.0. Description: The issue is related to the GoogleOAuthenticator.hosted_domain parameter, which is intended to restrict access to Google accounts that are part of one or more Google organizations verified to...
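The oauthenticator entries above all describe one weakness: deciding organization membership from the suffix of the email address. A consumer Google account can be registered against an existing mailbox at any domain, so `someone@example.com` does not prove membership of the example.com Workspace; only the `hd` (hosted domain) claim that Google includes for organization accounts does. The following is an added illustration in Python, not oauthenticator's own code; the function names and the sample userinfo dicts are constructed, modelled on the `email`, `email_verified` and `hd` claims Google's userinfo endpoint returns.

```python
"""Why an email-suffix check is not a Google organization check.

Added illustration, not oauthenticator's own code. `hosted_domain` mirrors
the setting named in the advisories; the userinfo dicts are constructed.
"""


def allowed_by_email_suffix(user_info: dict, hosted_domain: list[str]) -> bool:
    """Weak check: trusts the domain part of the email address.

    A consumer Google account can be created for an arbitrary existing
    mailbox (e.g. someone@example.com), so this passes for accounts that
    are not members of the example.com organization at all.
    """
    email = user_info.get("email", "").lower()
    return any(email.endswith("@" + d.lower()) for d in hosted_domain)


def allowed_by_hd_claim(user_info: dict, hosted_domain: list[str]) -> bool:
    """Stronger check: requires the `hd` claim.

    Google sets `hd` only for accounts that belong to a Workspace / Cloud
    Identity organization, and sets it to that organization's verified
    domain. Consumer accounts carry no `hd`, whatever their address looks like.
    """
    if not user_info.get("email_verified", False):
        return False
    hd = (user_info.get("hd") or "").lower()
    if not hd:
        return False
    # Exact match only: eng.example.com is a different organization than example.com.
    return hd in {d.lower() for d in hosted_domain}


# Constructed samples, not real accounts.
WORKSPACE_MEMBER = {"email": "alice@example.com", "email_verified": True, "hd": "example.com"}
CONSUMER_LOOKALIKE = {"email": "mallory@example.com", "email_verified": True}  # no hd claim
SUBDOMAIN_ORG = {"email": "bob@eng.example.com", "email_verified": True, "hd": "eng.example.com"}
OTHER_DOMAIN = {"email": "eve@notexample.com", "email_verified": True, "hd": "notexample.com"}


def compare(hosted_domain: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return (email-suffix verdict, hd-claim verdict) per sample."""
    samples = {
        "workspace_member": WORKSPACE_MEMBER,
        "consumer_lookalike": CONSUMER_LOOKALIKE,
        "subdomain_org": SUBDOMAIN_ORG,
        "other_domain": OTHER_DOMAIN,
    }
    return {
        name: (allowed_by_email_suffix(u, hosted_domain), allowed_by_hd_claim(u, hosted_domain))
        for name, u in samples.items()
    }


if __name__ == "__main__":
    for name, (weak, strong) in compare(["example.com"]).items():
        print(f"{name:20} email-suffix={str(weak):5} hd-claim={strong}")
```

The row that matters is `consumer_lookalike`: the suffix check admits it, the `hd` check rejects it. Checking `email_verified` as well closes the separate case of an unverified address, and comparing `hd` exactly rather than by suffix keeps a sibling organization on a subdomain out unless it is listed explicitly.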
Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts
Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to...
German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics
German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of...
Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation
Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the...
The vulnerability in Google Chrome's WebAuthentication browser implementation, a use of memory after it is freed, allows an attacker to compromise the user's renderer process.
The vulnerability in Google Chrome's WebAuthentication browser implementation is a use of memory after it is freed. Exploiting it could allow a remote attacker to compromise the renderer process of a user whose credit card is stored in their Google account...
GHunt - Investigate Google Accounts With Email
GHunt is an OSINT tool that extracts a lot of information from someone's Google Account email. It can currently extract: owner's name, last time the profile was edited, Google ID, whether the account is a Hangouts bot, activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.), possible YouTube...
Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload...
Use iPhone as Physical Security Key to Protect Your Google Accounts
Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since...
XML External Entity (XXE)
Jasig CAS Client is vulnerable to XML External Entity (XXE) injection. An attacker can trigger the attack by sending malicious XML data, because it does not prevent loading malicious XML data via java/org/jasig/cas/util/SamlUtils.java in the Jasig CAS server when Google Accounts Integration is on...