Signal to shield user phone numbers by default

Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal h...

Over 200 Malicious NPM Packages Caught Targeting Azure Developers

A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. "After manually inspecting some of these packages, it became apparent that this was a targeted attack agains...

CMSLogik 1.2.1 User Enumeration Weakness

!/usr/bin/python CMSLogik 1.2.1 user param User Enumeration Weakness Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

Debian Security Advisory DSA 2030-1 (mahara)

The remote host is missing an update to mahara announced via advisory DSA 2030-1. OpenVAS Vulnerability Test $Id: deb20301.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2030-1 mahara Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

Debian DSA-2030-1 : mahara - sql injection

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names...