Github Enterprise Default Session Secret And Deserialization

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 – 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to […]

Experts Doubt Hackers Claim Of Millions Of Breached Apple Credentials

Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. A more plausible explanation, they say, is that crooks used credential stuffing attacks to amass a limited number of valid Apple usernames and passwords in attempt to […]