![]() |
Description: Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance [...]
January 8th, 2025 (6 months ago)
|
![]() |
Description: viceCoolMan Claims to have Leaked the Data of Everyday Health
January 8th, 2025 (6 months ago)
|
![]() |
Description: Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns.
Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious.
While there are safeguards such as DomainKeys
January 8th, 2025 (6 months ago)
|
![]() |
Description: LordVoldemort Claims to have Leaked the Data of Hollywood Hair
January 8th, 2025 (6 months ago)
|
![]() |
Description: [Darknetlive Archive] Man Sentenced in SLO Murder-for-Hire Case
January 8th, 2025 (6 months ago)
|
![]() |
Description: "Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.
January 8th, 2025 (6 months ago)
|
![]() |
Description: ​Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
January 8th, 2025 (6 months ago)
|
![]() |
Description: Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. [...]
January 8th, 2025 (6 months ago)
|
![]() |
Description: Albanian Hacking Tool: Ethical Hacking, Social Media Hacks, Phone Info, and More
January 8th, 2025 (6 months ago)
|
CVE-2023-40273 |
Description: Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.
This issue affects Apache Airflow Fab Provider: before 1.5.2.
When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 which was addressed in Apache-Airflow 2.7.0
Users are recommended to upgrade to version 1.5.2, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-45033
https://github.com/apache/airflow/pull/45139
https://lists.apache.org/thread/yw535346rk766ybzpqtvrl36sjj789st
https://github.com/advisories/GHSA-8863-4qmg-fr45
January 8th, 2025 (6 months ago)
|