Millions of cryptocurrency wallets created between 2011 and 2015 are potentially affected by an open source software vulnerability and might need to be regenerated, according to new research from Unciphered. While helping a customer regain access to a locked Bitcoin wallet last year, Unciphered discovered issues in the open source JavaScript Bitcoin library BitcoinJS that […]
Royal Mail jeopardizes users with open redirect flaw Pierluigi Paganini November 08, 2023 Royal Mail has left an open redirect vulnerability on one of its sites, exposing its customers to phishing attacks and malware infections. The centuries-old Royal Mail is the largest courier company in the UK, boasting twice the market share of Amazon. The […]
What is Open Shortest Path First (OSPF)? Open Shortest Path First (OSPF) is an IP routing protocol that uses a mathematical algorithm to calculate the most efficient path to direct traffic on IP networks. OSPF is an open standard and designated by the Internet Engineering Task Force (IETF) as one of several Interior Gateway Protocols […]
Oct 25, 2023Newsroom Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors […]
Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens of websites, exposing people to credential theft, financial fraud, and other cybercriminal activity. Researchers from Salt Labs discovered critical API misconfigurations on the sites of […]
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns. Headquartered in the US, Indeed is a popular worldwide job search platform, which claims to have more than 350 million unique visitors each month, and more than 14,000 employees globally. […]
A school district in Virginia has managed to keep classrooms open despite facing an attack from a notorious Russian ransomware gang. Fauquier County Public Schools runs 20 elementary, middle and high schools for more than 11,200 students. The county is about an hour from Washington D.C. A spokesperson for the district confirmed to Recorded Future […]
Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges. Akamai has released a new report flagging the two Kubernetes vulnerabilities, and urged system administrators to take immediate steps to mitigate. The find was built on previous research into Windows nodes vulnerability CVE-2023-3676 […]
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns. Enabling communication and data transfer between servers, industrial control systems (ICS), IoT, and other types of devices, the OAS Platform is typically used in industrial operations and enterprise environments. It also supports […]