Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: restore support for finding...

EUVD-2013-6074

Malware in sbrugna...

AgileBits 1Password For Mac 安全漏洞

AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in AgileBits 1Password For Mac prior to version 8.10.36, which stems from insufficient authentication of XPC inter-process...

CVE-2022-32550

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with th...

PT-2022-21362 · Agilebits · 1Password

Name of the Vulnerable Software and Affected Versions: 1Password affected versions not specified Description: An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances...

AgileBits 1Password 安全漏洞

AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in 1Password version 7.2.4 through versions prior to 7.9.3, which stems from the vulnerability of passwords to process...

Connor Hicks 1Password SCIM Bridge Authorization Issues Vulnerability

Connor Hicks 1Password SCIM Bridge is a password management system from the Connor Hicks organization in the United States. Provides a cross-domain identity management system SCIM protocol to connect 1Password to your existing identity provider e.g. Azure Active Directory, Okta, OneLogin or...

1Password application for Android denial of service vulnerability

1Password application for Android is an Android-based application for storing and managing personal passwords. A denial of service vulnerability exists in version 6.8 of the 1Password application for Android-based platforms. An attacker can exploit this vulnerability to cause a 1Password instance...

1Password for macOS Information Disclosure Vulnerability

1Password for macOS is a macOS-based application for storing and managing personal passwords. An information disclosure vulnerability exists in version 7.2.3.BETA prior to 1Password 7.2.3.BETA-3 for macOS-based platforms, which can be exploited by attackers to obtain sensitive information...

GE Healthcare Centricity PACS Workstation Built-in Account Vulnerability

GE Healthcare Centricity PACS Workstation is a General Electric image archiving and transfer system workstation for the healthcare industry. GE Healthcare Centricity PACS Workstation includes built-in accounts for Administrator users with the 'CANal1' password and IIS users with the 'iis '...

CVE-2013-6246

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information user's full name by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters...