BleepingComputer

PyPI removes 'mitmproxy2' over code execution concerns

12 October 2021 at 19:50
By: Ax Sharma
The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability. The 'mitmproxy' Python package is a free and open-source interactive HTTPS proxy [...]

Photo editor Android app STILL sitting on Google Play store is malware

12 October 2021 at 10:13
By: Ax Sharma
An Android app sitting on the Google Play store touts itself as a photo editor, but it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs. [...]

Actively exploited Apache 0-day also allows remote code execution

6 October 2021 at 17:29
By: Ax Sharma
Proof-of-Concept (PoC) exploits for the Apache web server zero-day have surfaced on the internet, revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities. [...]

Misconfigured Apache Airflow servers leak thousands of credentials

4 October 2021 at 16:00
By: Ax Sharma
While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks. [...]

Ruby updates code of conduct to promote inclusion

2 October 2021 at 16:01
By: Ax Sharma
Maintainers behind the Ruby programming language have revised the project's Code of Conduct on GitHub to remove tolerating opposing viewpoints as a prerequisite. The decision comes after a community member posted a joke that many deemed sexist. [...]

Crypto platform mistakenly gives $90M to users, asks for refund

1 October 2021 at 19:27
By: Ax Sharma
In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money, threatening that otherwise they would be reported to the IRS and possibly doxxed. [...]