Security News

PyPI packages caught stealing credit card numbers, Discord tokens
2021-07-30 12:18

The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.

NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
2021-04-19 19:23

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
2020-09-28 15:15

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
2020-09-28 15:15

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Singapore government scraps physical 2FA tokens for government services
2020-04-01 03:26

Singapore will bin the physical tokens used to provide two-factor authentication for some digital government services. The city-state operates "SingPass", a government service that connects Singapore's residents with 200 government services.

Secret-sharing app Whisper shared secrets like last known location and actual password tokens in exposed database
2020-03-11 13:42

Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. In a phone interview with The Register, Dan Ehrlich, security consultant with Twelve Security, said colleague Matt Porter had spotted the unprotected Whisper ElasticSearch database.

OpenSSH eases admin hassles with FIDO U2F token support
2020-02-19 11:00

OpenSSH version 8.2 is out and the big news is that the world's most popular remote management software now supports authentication using any FIDO U2F hardware token. Adding support inside OpenSSH simply means that any U2F token can now be used, including older FIDO1 and more recent FIDO2 hardware.

YouTube ‘influencers’ get 2FA tokens phished
2019-09-24 14:50

100K or so creators in the YouTube car community were targeted by a phishing campaign that captured 2FA codes.

GitHub Now Scans Commits for Atlassian, Dropbox, Discord Tokens
2019-08-20 08:39

Microsoft-owned GitHub on Monday announced that its token scanning service will also check commits for Atlassian, Dropbox, Discord, Proctorio and Pulumi tokens that have been accidentally shared. read more

IOTA develops Trinity, a secure software wallet for IOTA tokens
2019-07-04 04:00

IOTA Foundation, a non-profit foundation focused on distributed ledger technology (DLT) and open-source ecosystem development, announced the release of Trinity, a secure software wallet for IOTA...