Tag: credentials

Source URL: https://blog.cloudflare.com/https-only-for-cloudflare-apis-shutting-the-door-on-cleartext-traffic/ Source: The Cloudflare Blog Title: HTTPS-only for Cloudflare APIs: shutting the door on cleartext traffic Feedly Summary: We are closing the cleartext HTTP ports entirely for Cloudflare API traffic. This prevents the risk of clients unintentionally leaking their secret API keys in cleartext during the initial request. AI Summary and Description: Yes…

Hacker News: CVE-2024-9956 – PassKey Account Takeover in All Mobile Browsers

Mar 19, 2025

—

by

Source URL: https://mastersplinter.work/research/passkey/ Source: Hacker News Title: CVE-2024-9956 – PassKey Account Takeover in All Mobile Browsers Feedly Summary: Comments AI Summary and Description: Yes Summary: The provided text discusses a significant vulnerability found in major mobile browsers that enables an attacker within Bluetooth range to exploit FIDO URIs, undermining the security assumptions around PassKeys authentication.…

Unit 42: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files

Mar 18, 2025

—

by

Source URL: https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/ Source: Unit 42 Title: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files Feedly Summary: A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files appeared first…

The Cloudflare Blog: Extending Cloudflare Radar’s security insights with new DDoS, leaked credentials, and bots datasets

Mar 18, 2025

—

by

Source URL: https://blog.cloudflare.com/cloudflare-radar-ddos-leaked-credentials-bots/ Source: The Cloudflare Blog Title: Extending Cloudflare Radar’s security insights with new DDoS, leaked credentials, and bots datasets Feedly Summary: For Security Week 2025, we are adding several new DDoS-focused graphs, new insights into leaked credential trends, and a new Bots page to Cloudflare Radar. AI Summary and Description: Yes Summary: The…

Hacker News: Password reuse is rampant: nearly half of observed user logins are compromised

Mar 18, 2025

—

by

Source URL: https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/ Source: Hacker News Title: Password reuse is rampant: nearly half of observed user logins are compromised Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the pervasive issue of password reuse and its significant impact on online security, particularly regarding content management systems like WordPress. It highlights alarming statistics…

Microsoft Security Blog: StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/ Source: Microsoft Security Blog Title: StilachiRAT analysis: From system reconnaissance to cryptocurrency theft Feedly Summary: Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Cloud Blog: BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/session-stealing-browser-in-the-middle/ Source: Cloud Blog Title: BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique Feedly Summary: Written by: Truman Brown, Emily Astranova, Steven Karschnia, Jacob Paullus, Nick McClendon, Chris Higgins Executive Summary The Rise of Browser in the Middle (BitM): BitM attacks offer a streamlined approach, allowing attackers to quickly compromise sessions…

The Cloudflare Blog: Advancing account security as part of Cloudflare’s commitment to CISA’s Secure by Design pledge

—

by