BleepingComputer

PyPI removes 'mitmproxy2' over code execution concerns

12 October 2021 at 19:50
By: Ax Sharma
The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability. The 'mitmproxy' Python package is a free and open-source interactive HTTPS proxy [...]

Photo editor Android app STILL sitting on Google Play store is malware

12 October 2021 at 10:13
By: Ax Sharma
An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs. [...]

Actively exploited Apache 0-day also allows remote code execution

6 October 2021 at 17:29
By: Ax Sharma
Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities. [...]

Misconfigured Apache Airflow servers leak thousands of credentials

4 October 2021 at 16:00
By: Ax Sharma
While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks. [...]

Ruby updates code of conduct to promote inclusion

2 October 2021 at 16:01
By: Ax Sharma
Maintainers behind the Ruby programming language have revised the project's Code of Conduct on GitHub to remove tolerating opposing viewpoints as a prerequisite. The decision comes after a community member posted a joke that many deemed sexist. [...]

Crypto platform mistakenly gives $90M to users, asks for refund

1 October 2021 at 19:27
By: Ax Sharma
In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money, threatening that those who did not would be reported to the IRS and possibly doxxed. [...]

Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency

27 September 2021 at 13:21
By: Ax Sharma
A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin. [...]

hackers steal $17,000 in 'double your cash' scam

25 September 2021 at 16:00
By: Ax Sharma
This week, threat actors hijacked, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...]

RaidForums data marketplace accidentally exposes private staff page

22 September 2021 at 14:05
By: Ax Sharma
Underground marketplace and hacker forum, Raidforums, recently exposed internal pages from its website, meant for staff members only. Raidforums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. [...]

Atlassian Trello is down — second outage this week

21 September 2021 at 17:52
By: Ax Sharma
Trello is down for many users around the world, for the second time this week. Trello is a web-based TODO list-style platform owned by Atlassian, makers of Jira and Confluence. [...]

US govt sites showing porn, viagra ads share a common software vendor

17 September 2021 at 12:11
By: Ax Sharma
Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year. A security researcher noticed all of these sites share a common software vendor, Laserfiche. [...]

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

9 September 2021 at 05:37
By: Ax Sharma
GitHub's security team has identified several high-severity vulnerabilities in the npm packages "tar" and "@npmcli/arborist," which are used by the npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week. [...]

Ransomware gang threatens to leak data if victim contacts FBI, police

7 September 2021 at 08:28
By: Ax Sharma
The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. [...]

Google's TensorFlow drops YAML support due to code execution flaw

5 September 2021 at 09:23
By: Ax Sharma
TensorFlow, a popular Python-based machine learning and artificial intelligence project developed by Google, has dropped support for YAML to patch a critical code execution vulnerability. YAML is a convenient choice among developers looking for a human-readable data serialization language. [...]

Over 60,000 parked domains were vulnerable to AWS hijacking

3 September 2021 at 09:00
By: Ax Sharma
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness. [...]

Canada accepted 7,300 more immigration applications due to technical bug

31 August 2021 at 06:02
By: Ax Sharma
A bug in the Canadian immigration system led to the government accepting an additional 7,307 immigration applications, surpassing the imposed limit. This comprised files from international graduate stream applicants aspiring to change their temporary visa status to permanent residency. [...]

Ethereum urges Go devs to fix severe chain-split vulnerability

25 August 2021 at 17:02
By: Ax Sharma
The Ethereum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability, tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. [...]