Security News

Subdominator: Open-source tool for detecting subdomain takeovers
2023-12-20 04:00

Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools.

Design flaw leaves Google Workspace vulnerable for takeover
2023-11-28 15:23

A design flaw in Google Workspace's domain-wide delegation feature, discovered by Hunters' Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all the identities in the target domain.

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
2023-11-02 08:59

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and...

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
2023-10-18 06:48

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare...

Tech CEO admits role in tricking Qualcomm into $150M takeover
2023-08-15 10:27

The former chief executive of a company that was sold to Qualcomm for more than $150 million has pleaded guilty to one count of money laundering relating to a $1.5 million transaction involving proceeds from the deal. Sanjiv Taneja was CEO at startup Abreezio, for which Qualcomm agreed to pay roughly $180 million, $150 million of which was paid in cash in October 2015.

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
2023-07-07 12:55

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "Instances," and it has over 14 million users across more than 20,000 instances.

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
2023-06-21 11:38

A security shortcoming in Microsoft Azure Active Directory Open Authorization process could have been exploited to achieve full account takeover, researchers said. "nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD multi-tenant OAuth applications," Omer Cohen, chief security officer at Descope, said.

Microsoft fixes Azure AD auth flaw enabling account takeover
2023-06-20 16:38

Microsoft has addressed an Azure Active Directory authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account. This misconfiguration could be abused in account and privilege escalation attacks against Azure AD OAuth applications configured to use the email claim from access tokens for authorization.

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
2023-05-17 11:52

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines to install third-party remote management tools within compromised environments. "This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," the threat intelligence firm said.

WhatsApp announces features to prevent account takeover
2023-04-14 12:35

WhatsApp will be rolling out three new security features in the coming months, to provide users with increased privacy and control over their messages and to help prevent unauthorized account access and takeover. WhatsApp's new check when moving account to another phone.