credentials – Page 44 – WindowsTechs.com

Intelligence data, security credentials found exposed in the Amazon cloud

Posted on June 1, 2017 by Zeljka Zorz

A data cache containing highly sensitive US military data has inadvertently been exposed online, UpGuard cyber risk analyst Chris Vickery has discovered last week. After downloading and analyzing the data, he tied it to the US National Geospatial-Intelligence Agency (NGA), and guessed that it likely belonged to private intelligence contractor Booz Allen Hamilton. The contents of the cache Located on an unsecured, publicly accessible Amazon server, the repository included some 60,000 files that, among other … More → Continue reading Intelligence data, security credentials found exposed in the Amazon cloud→

1 Million Gmail Users Impacted by Google Docs Phishing Attack

Posted on May 4, 2017 by Michael Mimoso

Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly. Continue reading 1 Million Gmail Users Impacted by Google Docs Phishing Attack→

1 Million Gmail Users Impacted by Google Docs Phishing Attack

Posted on May 4, 2017 by Michael Mimoso

Flickr Vulnerability Worth $7K Bounty to Researcher

Posted on May 1, 2017 by Michael Mimoso

Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. Continue reading Flickr Vulnerability Worth $7K Bounty to Researcher→

Flashlight app on Google Play delivered highly adaptable banking Trojan

Posted on April 20, 2017 by Zeljka Zorz

A modified version of the Charger mobile ransomware has been downloaded from Google Play by up to 5,000 users. This new variant of the malware was shipped inside a legitimate-looking flashlight app called “Flashlight LED Widget” and, unlike its predecessor, locking the device and demanding a ransom from the user in order to unlock it is not its main goal. Charger.B: A highly flexible credential stealer The threat was spotted by ESET researchers, who notified … More → Continue reading Flashlight app on Google Play delivered highly adaptable banking Trojan→

The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page,and do not sufficiently protect administrator credentials. Continue reading VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials→

Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?

Posted on March 6, 2017 by Samir Sabri

Our mobile app will be uploading images to AWS S3. The question is whether to do one of the following options:

Upload the image to our APIs server, then our APIs server uploads the image to S3
Pros: More secure, as the S3 c… Continue reading Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?→

How to cache auth credentials to speed up authentication

Posted on February 21, 2017 by EsseTi

I’m developing some REST API that requires a HTTP basic auth to access. The APIs are written in Django, and the auth is based on Django auth middleware that is: it checks against the DB, the username and password. The passwor… Continue reading How to cache auth credentials to speed up authentication→

Category Archives: credentials

Intelligence data, security credentials found exposed in the Amazon cloud

1 Million Gmail Users Impacted by Google Docs Phishing Attack

1 Million Gmail Users Impacted by Google Docs Phishing Attack

Flickr Vulnerability Worth $7K Bounty to Researcher

Flashlight app on Google Play delivered highly adaptable banking Trojan

WiFi-enabled adult toy comes up short on security

WiFi-enabled adult toy comes up short on security

VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?

How to cache auth credentials to speed up authentication