Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems.
...moreSummary
Total Articles Found: 8
Top sources:
Top Keywords:
Top Authors
Top Articles:
- 'Log in with...' Feature Allows Full Online Account Takeover for Millions
- Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
- Report: Air-Gapped Networks Vulnerable to DNS Attacks
- Critical Open Source vm2 Sandbox Escape Bug Affects Millions
- Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service
- Phishing Campaign Targets PyPI Users to Distribute Malicious Code
- Booking.com's OAuth Implementation Allows Full Account Takeover
- Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On
'Log in with...' Feature Allows Full Online Account Takeover for Millions
Published: 2023-10-24 13:00:00
Popularity: 285
Author: Elizabeth Montalbano, Contributor, Dark Reading
Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service
Published: 2023-03-30 18:58:13
Popularity: 50
Author: Elizabeth Montalbano, Contributor, Dark Reading
The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.
...moreBooking.com's OAuth Implementation Allows Full Account Takeover
Published: 2023-03-02 16:16:00
Popularity: 15
Author: Elizabeth Montalbano, Contributor, Dark Reading
Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts.
...moreReport: Air-Gapped Networks Vulnerable to DNS Attacks
Published: 2022-12-08 14:12:04
Popularity: 119
Author: Elizabeth Montalbano, Contributor, Dark Reading
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
...moreCritical Open Source vm2 Sandbox Escape Bug Affects Millions
Published: 2022-10-11 14:23:07
Popularity: 56
Author: Elizabeth Montalbano, Contributor, Dark Reading
Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.
...moreAndroid Leaks Wi-Fi Traffic Even When VPN Protection Features Are On
Published: 2022-10-12 16:20:35
Popularity: 14
Author: Elizabeth Montalbano, Contributor, Dark Reading
The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.
...moreSpell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
Published: 2022-09-20 17:37:16
Popularity: 131
Author: Elizabeth Montalbano, Contributor, Dark Reading
It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.
...morePhishing Campaign Targets PyPI Users to Distribute Malicious Code
Published: 2022-08-30 14:16:23
Popularity: 35
Author: Elizabeth Montalbano, Contributor, Dark Reading
The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.
...more