Google’s Advanced Protection for Vulnerable Users Comes to Android

A new extra-secure mode for Android 16 will let at-risk users lock their devices down...

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Of...

CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...

Facebook Will Force More At-Risk Accounts to Use Two-Factor

The platform joins Google and others in requiring stronger protections for its most vulnerable users...

Kerberoast - Kerberoast Attack -Pure Python-

Kerberos attack toolkit -pure python- Install pip3 install kerberoast Prereqirements Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...

Apple delays plans to search devices for child abuse imagery

After the uproar from users and privacy advocates about Apple’s controversial plans to scan users devices for photos and messages containing child abuse and exploitation media, the company has decided to put the brakes on the plan. If you may recall, Apple announced in early August that it would...

CVE-2020-14319

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery CSRF which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This...

Page load short-circuit can lead to XSS — Mozilla

Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that th...

Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)

This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness. OpenVAS Vulnerability Test $Id: secpodmsdnsdevolutionresolvingweakness.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness 971888 Authors...