129 matches found
Big name TikTok accounts hijacked after opening DM
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...
Okta Verify 安全漏洞
Okta Verify is a lightweight application from Okta that allows you to securely access your application with two-step verification, ensuring that you and only you have access to your application account. A security vulnerability exists in Okta Verify versions prior to 4.10.7 that stems from the...
Exploit for Unrestricted Upload of File with Dangerous Type in F-Logic Datacube3
CVE-2024-25830 and CVE-2024-25832 - DataCube3 Improper Access...
Users are able to front-run settlements to avoid loss
Lines of code Vulnerability details Impact A user is able to front-run the call to settle function in to avoid paying the loss. settle is called by Admin which is a public function, When this functions is called the transaction will appear in the mem pool. A user may then call redeem from LP Vaul...
Google strengthens its Workplace suite protection
Google has announced the strengthening of safeguard measures for its Workspace customers. You may well be using Workspace without realising it. If youre using a Google product such as Gmail, Calendar, Drive, or Google Docs Editors Suite among other apps, then congratulations: you are fully inside...
Attackers demand ransoms for stolen LinkedIn accounts
An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out...
Two-step ownership transfer process in LSP0ERC725AccountCore can be bypassed
Lines of code Vulnerability details Bug Description To transfer ownership of the LSP0ERC725AccountCore contract, the owner has to call transferOwnership to nominate a pending owner. Afterwards, the pending owner must call acceptOwnership to become the new owner. When called by the owner,...
Insecure Ownership Management in DNSSECImpl.sol
Lines of code Vulnerability details Impact This finding highlights a potential security risk related to the lack of safeguards when changing ownership in the DNSSECImpl.sol contract. As it stands, the current implementation allows for the owner to be set to address0, which could result in the los...
Rittal CMC III Access systems
1. EXECUTIVE SUMMARY CVSS v3 4.8 Vendor: Rittal Equipment: CMC III Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to open control cabinets secured with Rittal locks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rittal...
WhatsApp hijackers take over your account while you sleep
Late last week, Twitter user Zuk @ihackbanme tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
PT-2023-19046 · Microsoft +1 · Outlook +1
Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52 Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...
Single-step process for critical ownership transfer/renounce is risky
Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...
Two-step change of privileged roles
Lines of code Vulnerability details Impact Lack of two-step procedure for critical operations is error-prone and can lead to irrevocable mistakes, might leave the system operationally with no/malicious privileged role. For example, when transfer admin role, in a single-step change, if the current...
Single-step ownership change for contracts is risky
Lines of code Vulnerability details Vulnerability details The owner addresses can be changed in a single-step in VotingEscrow. If set to the wrong address this could lead to loss/lock of funds or allow a malicious smart contract to interact with the protocol. When privileged roles are being...
Roblox breached: Internal documents posted online by unknown attackers
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data theyve collected. Nobody knows if theyve exhausted their newly-plundered...
WhatsApp accounts hijacked by call forwarding
In a short post on LinkedIn Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The methods consists of several steps and it takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat...
CVE-2022-23034
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a...
ALPINE-CVE-2022-23034
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a...
‘Lone Wolf’ APT Uses Commodity RATs
An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...