9 matches found
EUVD-2022-37455
Malicious code in bioql PyPI...
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime...
PYSEC-2022-43056
The keep package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2...
What is a Supply Chain Attack ❓
Presentation The Kaseya cyberattack disturbed more than 1,000 organizations over the Fourth of July weekend and may end up being perhaps the greatest hack ever. It’s additionally a typical case of a “Supply Chain” hack: a sort of cyberattack where hoodlums target programming merchants or IT...
How to protect your data from Magecart and other e-commerce attacks
In today's golden age of online shopping, consumers take to the Internet, punch in a few credit card details, and happily receive products at their doorstep, safe in the knowledge that their online vendor is well-known, vetted, and therefore their website has to be secure, right? But did you know...
WakaTime: Leaking password reset token via referrer from external Twitter share button
Hi Team, Description It has been identified that the application is leaking referrer token to third party sites. In this case it was found that the password reset token is being leaked to third party sites which is an issue knowing the fact that it can allow any malicious users to use the token and...
Missing Access Check in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check. Release Date: May 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.7 and below Vulnerability...
Attackers Target Yahoo Mail Accounts in 'Coordinated Effort' to Own Users
After years of focusing their attention on Gmail, it seems that attackers have finally gotten around to expending some effort hacking Yahoo mail accounts. Yahoo officials said Thursday that they have reset the passwords on an unspecified number of mail accounts after detecting what they call a...
Hole in WebSphere
Compromise by a third party is possible by means of a URL containing JavaScript http://our.websphere.server/../scriptalert'helloworld'/script...