14 matches found
Fedora 41 : gopass-hibp (2025-b3bd444d1f)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b3bd444d1f advisory. Update to 1.16.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Fedora 41 : gopass-hibp (2024-40c0ff79e8)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-40c0ff79e8 advisory. Automatic update for gopass-hibp-1.15.13-1.fc41. Changelog Tue Jul 9 2024 Mikel Olasagasti Uranga - 1.15.13-1 - Update to 1.15.13 - Closes rhbz2159125...
Qakbot botnet infrastructure suffers major takedown
The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement agencies. Operation DuckHunt, as it was codenamed, is possibly the largest US-led financial and technical disruption of a botnet infrastructure. Not only did the agenci...
2.6 million DuoLingo users have scraped data released
An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...
Fedora: Security Advisory for gopass-hibp (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Half-Billion Compromised Credentials Lurking on Open Cloud Server
According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by. The credentials were a mixed bag in terms of...
HashCheck - Tool To Assist In The Search For Leaked Passwords
This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters...
Nextcloud: Password policy changes not enforced for existing passwords
So this is two reports in one. Sort of. But they are the same issue, or at least related. 1. When you setup your nextcloud there is no password policy at all. There is the strength indicator. I get the password policy app is not yet active at that point. But a minimum length would not be that...
PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
PwnedPasswordsChecker is a tool that checks if the hash of a known password in SHA1 or NTLM format is present in the list of I Have Been Pwned leaks and the number of occurrences. You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here Once the list is...
Google Adds Password Checkup Feature to Chrome Browser
Google will soon alert Chrome browser users of weak or compromised passwords. The checks will be in real time as Chrome users visit a password protected website. Bad passwords will trigger a red dialogue box alerting users to take action to better protect their account. The move integrates a...
WhatBreach - OSINT Tool To Find Breached Emails And Databases
WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...
Troy Hunt Looks to Sell Have I Been Pwned
Citing overwhelming demands on his time, Troy Hunt is looking for a buyer for his site, Have I Been Pwned HIBP. HIBP offers a free service for consumers wanting to know if their user names and passwords have been compromised in a data breach; it also offers commercial services that include alerts...
Web Reconnaissance Framework: Recon-ng
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...
pwned - A command-line tool for querying the 'Have I been pwned?' service
A command-line tool for querying Troy Hunt 's Have I been pwned? service using the hibp Node.js module. Installation npm install pwned -g Usage Usage: pwned option | command Commands: ba options get all breaches for an account username or email address breaches options get all breaches in the...