Collaborate Disseminate
Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. Continue reading Flickr Vulnerability Worth $7K Bounty to Researcher
A modified version of the Charger mobile ransomware has been downloaded from Google Play by up to 5,000 users. This new variant of the malware was shipped inside a legitimate-looking flashlight app called “Flashlight LED Widget” and, unlike its predecessor, locking the device and demanding a ransom from the user in order to unlock it is not its main goal. Charger.B: A highly flexible credential stealer The threat was spotted by ESET researchers, who notified … More → Continue reading Flashlight app on Google Play delivered highly adaptable banking Trojan
You’d hope that the makers of connected adult devices might have learned something from the WeVibe debacle. Apparently not, if this latest example is anything to go by Continue reading WiFi-enabled adult toy comes up short on security
You’d hope that the makers of connected adult devices might have learned something from the WeVibe debacle. Apparently not, if this latest example is anything to go by Continue reading WiFi-enabled adult toy comes up short on security
The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page,and do not sufficiently protect administrator credentials. Continue reading VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Our mobile app will be uploading images to AWS S3. The question is whether to do one of the following options:
Upload the image to our APIs server, then our APIs server uploads the image to S3
Pros: More secure, as the S3 c… Continue reading Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?
I’m developing some REST API that requires a HTTP basic auth to access. The APIs are written in Django, and the auth is based on Django auth middleware that is: it checks against the DB, the username and password. The passwor… Continue reading How to cache auth credentials to speed up authentication
I’m developing some REST API that requires a HTTP basic auth to access. The APIs are written in Django, and the auth is based on Django auth middleware that is: it checks against the DB, the username and password. The passwor… Continue reading How to cache auth credentials to speed up authentication
At RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution. Bomgar Vault helps organizations secure, manage, and administer shared and sensitive credentials for privileged users and IT vendors, and improve security, compliance, and productivity by enabling security professionals and IT administrators to quickly find and gain control of privileged credentials, manage and rotate passwords, and securely use shared accounts. Bomgar Vault 17.1 is the first … More → Continue reading Remote credential rotation for distributed environments
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Continue reading VU#614751: Hughes satellite modems contain multiple vulnerabilities