Latest news with #OAuth


CNET
5 days ago
- Business
- CNET
You Can Now Stream All of Taylor Swift's Original Recordings Again Guilt Free
She read you should never leave a fight unresolved -- and so she only went and won it. Taylor Swift has purchased her masters outright, with "no strings attached, no partnership, with full autonomy," as she told fans in a letter published on her website on Friday. Following a lengthy battle during which Swift's original record label Big Machine sold the masters to Scooter Braun, the singer-songwriter has now acquired her first six albums, music videos, concert films, album art and photography, unreleased songs, her "entire life's work," from Shamrock Holdings. For fans like myself, this is an emotional moment. Swift was clearly bereft over losing the opportunity to own her masters, and has described her victory in owning her work outright as her "greatest dream come true." Her Eras Tour, which took place throughout 2023 and 2024, was a celebration of her musical legacy thus far, which allowed those of us lucky enough to attend the opportunity to revel in all of the music Swift has put out into the world -- whether she owned it at the time or not. In a bid to gain ownership of her masters, Swift rerecorded and released four out of her first six albums -- Fearless, Speak Now, Red and 1989 -- with the suffix "(Taylor's Version)" and previously unreleased songs, known as "Vault Tracks." In her letter on Friday, Swift revealed that she has also rerecorded her debut album, Taylor Swift, in full, but hasn't rerecorded her sixth album Reputation. She added that at some point, she may release the Reputation vault tracks, which she previously described as "fire," and debut (Taylor's Version), but had no plans to do so immediately.
It's been tricky for Swifties to stream the original versions of Swift's records over the past few years, as the royalties have directly benefitted those who had purchased her masters without her consent. But now that Swift owns all of her music again, it's fair game to listen to the originals on Spotify, Apple Music or whichever streaming service you subscribe to. So even though Reputation (Taylor's Version) and Taylor Swift (Taylor's Version) will not be coming to streaming services anytime soon, I know what I'll be doing tonight. I'll be celebrating this victory by blasting I'm Only Me When I'm With You, and my other top tracks off Swift's criminally underrated first album on Spotify (while still crossing my fingers that one day I can do the same with unreleased vault track, I'd Lie).


Metro
21-05-2025
- Metro
Warning to 1,800,000,000 Gmail users over sophisticated scam
Gmail users have been warned about a highly convincing scam email that appears to come from Google themselves. The email seems to come from no-reply@ which is the address that real security updates come from. It links to a webpage hosted by Google, too, which is another convincing sign. But the website was not made by them; it was made by scammers trying to trick you. The email claims that 'a subpoena was served on Google LLC requiring us to produce a copy of your Google Account content'. It links to a domain designed to look like Google's genuine support page. However, the real support webpage is on while the 'sites' domain is one that anyone can build a free webpage on. Ordinary users are unlikely to know or notice this, however, and could inadvertently grant scammers permissions that could allow them access, or target you with malware. Security software firm Kaspersky said that there are other clues, too. If you look closer at the email details, the 'to' and 'mailed-by' fields contain a jumble of letters of emails which have nothing to do with Google, showing me[@]googl-mail-smtp-out-198-142-125-38-prod[.]net and The scam was first revealed by tech developer Nick Johnson. The scammers used Google OAuth technology, which is what you see when you use your Google details to sign into a different app. Those who fell victim to the scam approved the permissions thinking they were giving Google themselves permission. It is not clear exactly what the scammers hoped to achieve by this, but it could involve data theft or infecting the victim with malware. Kaspersky said that when an OAuth app is registered, 'the web application administrator can manually enter completely arbitrary text in the App Name field – this is what the criminals apparently took advantage of.' The mechanism that attackers used to do this has now been shut down, which will prevent this method of attack from working in future.
A Google spokesperson said: 'We're aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. 'In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.' They recently issued guidance on spotting scams, saying they will not ask for any of your account credentials, including your password, one-time passwords, confirm push notifications, and will not call you.
Yahoo
17-05-2025
- Yahoo
Chrome patched this bug, but CISA says it's still actively exploited
- Google patched a new Chrome bug recently
- Now, CISA added that vulnerability to KEV, signaling abuse in the wild
- Federal agencies have three weeks to update Chrome

The US Cybersecurity and Infrastructure Security Agency (CISA) added a new Chrome bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling abuse in the wild, and giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch things up. The flaw is tracked as CVE-2025-4664. It was recently discovered by security researchers Solidlab, and is described as an 'insufficient policy enforcement in Loader in Google Chrome'. On NVD, it was explained that the bug allowed remote threat actors to leak cross-origin data via a crafted HTML page. "Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource," researcher Vsevolod Kokorin, who was credited with discovering the bug, explained. The flaw was first uncovered on May 5, with Google coming back with a patch on May 14. The browser giant did not discuss if the flaw was being exploited in real-life attacks, but it did state that it had a public exploit (which basically means the same thing). Now, with CISA adding the bug to KEV, FCEB agencies have until June 5 to patch their Chrome instances or stop using the browser altogether. The first clean versions are 136.0.7103.113 for Windows/Linux and 136.0.7103.114 for macOS.
In many cases, Chrome would deploy the update automatically, so just double-check which version you're running. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned. Indeed, the web browser is one of the most frequently targeted programs, since it handles untrusted data from countless sources around the web. Cybercriminals are always looking for vulnerabilities in browser code, plugins, or poorly secured websites, in an attempt to grab login credentials, or other ways to compromise the wider network. Via BleepingComputer


Forbes
16-05-2025
- Forbes
Google Chrome Deadline—21 Days To Update Or Stop Using Your Browser
Update now warning for 2 billion Chrome users

Google has warned that Chrome is open to attack, and has rushed out a fix for a vulnerability that enables a hacker to steal login credentials and bypass multi-factor authentication (MFA). It's a critical issue and it's imperative it's fixed immediately. Unsurprisingly, given the severity of the threat, America's cyber defense agency has mandated an update deadline. Users have until June 5 to 'apply mitigations per vendor instructions… or discontinue use of the product if mitigations are unavailable.' Put more simply, that means update inside the next 21 days or stop using your browser until you do. CISA's formal mandate only applies to federal employees, but its remit extends to all organizations, 'to help every organization better manage vulnerabilities and keep pace with threat activity.' Given the nature of this threat, users should act now. As I warned yesterday, Google's fix for CVE-2025-4664 came with a warning 'of reports that an exploit exists in the wild.' This was flagged on X by @slonser_, after discovering that 'a technique that's probably not widely known in the community' enabled a query parameter takeover that could exploit sensitive data included in the string. 'In OAuth flows, this might lead to an Account Takeover' if that query parameter is stolen. This means stealing the text string in Chrome's address bar that includes security session credentials after you've logged into a service. It enables an attacker to replicate the secure session on their own device. It's unclear whether the flagged exploit is the POC raised or there are actual attacks underway with bad actors having identified the vulnerability independently. It doesn't matter now. This is in the public domain. We're now in the period of maximum risk as attackers strike before browsers are patched. Check your Chrome browser for the notification that an update has been downloaded and you need to relaunch to ensure it installs.
You're looking for Chrome version 136.0.7103.113/.114. Do this as soon as you can — don't let dozens of open tabs hold you back. With this vulnerability, it is imperative to patch now.


Daily Mirror
16-05-2025
- Daily Mirror
Everyone using Chrome must check their web browser now - don't ignore new alert
Chrome users are being urged to check their browser immediately. Google has just released an urgent Chrome update, and it's definitely not something users of this popular web browser should ignore. It's been confirmed that the latest download from the US technology giant fixes a bug that's been found within the application. Although that may not sound like a reason to go dashing to the settings and installing a new version of Chrome there's an important reason why users must act as soon as possible. It's been revealed that the issue has been given the dreaded zero-day stamp. That basically means hackers are already aware of the flaw and have been actively exploiting it in the wild. This is why Google has rushed to fix things so quickly. "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild," Google said in a Wednesday security advisory. The gremlin was initially found by Solidlab security researcher Vsevolod Kokorin, who says the flaw could eventually lead to an account takeover by cyber thieves. "Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource," Kokorin explained. If you use Chrome, it's now vital to check you are running the very latest version. "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks," Google confirmed. Most users are already seeing this update in their settings so check now and reboot your browser without delay.