Bleeping Computer

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. BleepingComputer has learned that both ...
KSL

New scam spreads 'far and wide' to target Utahns

TAYLORSVILLE – The Utah Department of Public Safety is warning about a new scam that hit the phones of Utahns on Thursday. The message contained what purported to be a "final court-ordered mandatory ...
GitHub

Logging Alert Plugin for Graylog

The alert notification generate a log message when an alert is triggered. Perfect for example to record alerts as internal log messages in Graylog itself using the Internal Logs Input Plugin for ...
Microsoft

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting (XSS) is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities. This post is the second ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...
GitHub

Airthings Wave Plus Bridge to Wifi/LAN and MQTT

Presentation of the Wave Plus sensor data as HTML web page Exposure of the sensor data via a JSON API One or multiple Airthings Wave Plus devices A Raspberry PI that supports Bluetooth Low Energy (BLE ...
The Hacker News

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' ...