Cloud Security Alliance News Clipping Site

Tag: Exploitation

  • The Register: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/04/why_the_long_name_okta/ Source: The Register Title: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Feedly Summary: Mondays are for checking months of logs, apparently, if MFA’s not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could…

  • Wired: Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

    by

    system automation
    in

    Source URL: https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/ Source: Wired Title: Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies Feedly Summary: When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet. AI Summary and…

  • Hacker News: Coordinated Community Response Mitigates Fediverse Spam Attack

    by

    system automation
    in

    Source URL: https://about.iftas.org/2024/10/21/coordinated-community-response-mitigates-fediverse-spam-attack/ Source: Hacker News Title: Coordinated Community Response Mitigates Fediverse Spam Attack Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a recent incident of spam attacks on the Fediverse, particularly affecting platforms like Misskey and Mastodon. The community’s rapid response technology efficacy and collaboration highlight the importance of proactive…

  • Hacker News: Breaking CityHash64, MurmurHash2/3, wyhash, and more

    by

    system automation
    in

    Source URL: https://orlp.net/blog/breaking-hash-functions/ Source: Hacker News Title: Breaking CityHash64, MurmurHash2/3, wyhash, and more Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an extensive analysis of the security implications of various hash functions, focusing on their vulnerability to attacks. It discusses the mathematical foundations of hash functions, their roles in computer security,…

  • Hacker News: Okta – Username Above 52 Characters Security Advisory

    by

    system automation
    in

    Source URL: https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ Source: Hacker News Title: Okta – Username Above 52 Characters Security Advisory Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability identified in Okta’s authentication process involving the DelAuth mechanism and the Bcrypt hashing algorithm. The significance lies in its implications for user authentication security and…

  • Hacker News: RCE Vulnerability in QBittorrent

    by

    system automation
    in

    Source URL: https://sharpsec.run/rce-vulnerability-in-qbittorrent/ Source: Hacker News Title: RCE Vulnerability in QBittorrent Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text details significant security vulnerabilities present in the qBittorrent application, particularly involving SSL certificate validation and potential for remote code execution (RCE) through intentionally manipulated update processes. This information is highly relevant for professionals…

  • Hacker News: Using Large Language Models to Catch Vulnerabilities

    by

    system automation
    in

    Source URL: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Source: Hacker News Title: Using Large Language Models to Catch Vulnerabilities Feedly Summary: Comments AI Summary and Description: Yes Summary: The Big Sleep project, a collaboration between Google Project Zero and Google DeepMind, has successfully discovered a previously unknown exploitable memory-safety vulnerability in SQLite through AI-assisted analysis, marking a significant advancement in…

  • Microsoft Security Blog: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/ Source: Microsoft Security Blog Title: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Feedly Summary: Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source…

  • Slashdot: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/01/088213/inside-a-firewall-vendors-5-year-war-with-the-chinese-hackers-hijacking-its-devices?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cybersecurity battle undertaken by Sophos against Chinese hackers targeting firewall products. This situation has implications for information security, particularly concerning the risks associated…