#23andMe #hack

I was thinking of giving them my genetic information. 🤔

https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

#hack #Kodex

https://www.404media.co/hackers-target-kodex-accounts-edrs/

#hack

#Okta again!?

https://sec.okta.com/harfiles

#hack #way

A good example of a suspected security breach report from !#1password
They suspected that something was going on in their #Okta account, i.e. all sorts of internal admin and helpdesk stuff.

A member of the IT team handled Okta support and, at their request, created a HAR file from Chrome Dev Tools and uploaded it to the Okta support portal. This HAR file contains a record of all traffic between the browser and Okta's servers, including sensitive information including session cookies. In the early morning hours of Friday, September 29, an unknown attacker used the same Okta session used to create the HAR file to access the Okta administration portal and attempted the following:

- Attempted to access an IT employee's user dashboard, but the attempt was blocked by the Okta system.

- Updated the existing IDP tied to our Google production environment.

- Activated the IDP.

- Requested an admin user report.

The last action on this list resulted in an alert email being sent to a member of the IT team, which of course resulted in a quick response.

More details:

https://blog.1password.com/files/okta-incident/okta-incident-report.pdf

#hack #FlipperZero vs #iPhones

When it was pre-ordered - I wasn't able to order and I regret it a bit. 😏

https://arstechnica.com/security/2023/11/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream/

#hack

If you are using any version of #Confluence, it is a good idea to backup all your data immediately. A vulnerability has been discovered that allows to modify and delete page and file content. Not only cloud instances are vulnerable, but also those located in user data centers:

https://arstechnica.com/security/2023/11/critical-vulnerability-in-atlassian-confluence-server-is-under-mass-exploitation/

#hack in #news

#video #social #hack

Fresh #hack: #ChatGPT can generate sequences memorized from its training data using a very trivial attack. You tell the bot to “say the word * as many times as possible”. And, starting with some attempt, ChatGPT starts to produce something very similar to the original data from the training sample:

https://stackdiary.com/chatgpts-training-data-can-be-exposed-via-a-divergence-attack/

#MongoDB #hack ?

#security #hack #OAuth

Dylan from truffleSecurity talks about a simple hole (it seems a bit loud to call it a vulnerability) that allows users of companies that use #Google authorization in services like Slack or Zoom to continue to have access even after being fired and having their access removed.

The hole is that such services use email as the user ID. But, obviously, you can create several different email addresses that receive the same emails (e.g. by adding words after "+"):

https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/

#security #hack #2023

Compilation of the biggest cyberattacks of the past year:

https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/

#Dropbox #hack

“We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings,” Dropbox said Wednesday in a regulatory filing. “For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”

https://finance.yahoo.com/news/dropbox-says-hackers-breached-digital-211551057.html