Skip to content

Gotham Security Daily Threat Alerts

by on May 7, 2014

May 6, Help Net Security – (International) Windows flaw allows access to data after accounts are revoked. Researchers at Aorato found that disabled, deleted, expired, or locked-out accounts in Microsoft Windows networks can remain valid for up to 10 hours after being revoked, potentially allowing attackers to use the accounts to gain access to company data. Source: http://www.net-security.org/secworld.php?id=16805

May 6, Softpedia – (International) DrawQuest shut down after hackers gain access to Amazon servers. DrawQuest shut down its free drawing community service following a compromise of its systems where attackers used the service’s Amazon account to order hundreds of expensive servers. There was no indication that users’ encrypted passwords were stolen, though users were advised to change their passwords as a precaution. Source: http://news.softpedia.com/news/DrawQuest-Shut-Down-After-Hackers-Gain-Access-to-Amazon-Servers-440758.shtml

May 5, Softpedia – (International) “Covert redirect” OAuth security flaw not as serious as it sounds, experts say. A researcher reported finding a vulnerability dubbed “covert redirect” in OAuth and OpenID that could allow an attacker to access users’ information. However, security researchers found that the vulnerability is only in certain implementations of OAuth and requires both user interaction and an open redirect to be present in a targeted application to be effective. Source: http://news.softpedia.com/news/Covert-Redirect-OAuth-Security-Flaw-Not-as-Serious-as-It-Sounds-Experts-Say-440575.shtml

 

From → Security

Comments are closed.

%d bloggers like this: