auth

Blog
digitpatrox3 days ago
10

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The package mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project. The official package is a Python library that allows communication with Discord’s…
Read More »
Blog
digitpatroxDecember 11, 2024
52

Ivanti warns of maximum severity CSA auth bypass vulnerability

Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…
Read More »
Blog
digitpatroxOctober 23, 2024
81

AWS, Azure auth keys found in Android and iOS apps used by millions

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from this, an attacker could use…
Read More »
Blog
digitpatroxAugust 15, 2024
147

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 prompted action by owners of…
Read More »

auth

Malicious PyPi package steals Discord auth tokens from devs

Ivanti warns of maximum severity CSA auth bypass vulnerability

AWS, Azure auth keys found in Android and iOS apps used by millions

GitHub Actions artifacts found leaking auth tokens in popular projects

How to Follow a Training Program for a Marathon or Half Marathon, Even When Nothing Is Going Right

7 Best Ways to Keep Your Memory Sharp

Samsung Care+ Now Offers Free Galaxy Screen Repairs

Apple’s movie theater beef with Hollywood is getting worse

Microsoft and Nvidia are teaming up to support UK AI startups – and they want to attract firms outside of London and the South East

AI coding tools aren’t the solution to the unfolding ‘developer crisis’ – teams think they can boost productivity and delivery times, but end up bogged down by manual remediation and unsafe code

Today’s Wordle Hints, Answer for #1312 on January 21, 2025

The Best New Movies to Stream This Week

Should You Lower Tire Pressure to Gain Traction in Snow?

Texas Board of Physical Therapy Examiners breached, SSNs and other info compromised

These Are the Budget Earbuds to Care About

How to enable Do Not Track on your web browser for Windows