authorization

AppWizard
June 30, 2026
Jennifer Gibbons, Vice President of State Government Affairs at the Entertainment Software Association (ESA), stated during a California State Senate hearing that community servers for Minecraft and Call of Duty are "illegal" and equate to "piracy." She mentioned that the ESA has pending lawsuits against private servers and that the United States Trade Representative (USTR) has identified some private servers as notorious markets for piracy. Gibbons' comments were challenged by Assemblyman Chris Ward, who noted the existence of community servers for both games. An ESA representative later clarified that Gibbons was responding to a complex question and that private servers hosting copyrighted content without authorization infringe on the intellectual property rights of game publishers. The ESA reported a total revenue of ,614,556 in the fiscal year ending March 2025, with ,804,681 from member dues.
AppWizard
June 30, 2026
The California State Senate hearing on the Protect Our Games Act raised questions about the legality of private Minecraft servers. Assemblyman Chris Ward noted that games like Minecraft and Call of Duty have successfully used community servers, while Jennifer Gibbons from the ESA argued that these servers are illegal and unapproved by Microsoft, labeling them as piracy. Gibbons stated that the ESA has two lawsuits against private servers for infringing on intellectual property rights. In contrast, Minecraft's official stance encourages the creation of third-party servers, which are vetted for compliance with community standards. The ESA maintains that private servers infringe on publishers' rights. The USTR's Notorious Market Report referenced by Gibbons does not specifically target community servers for connecting friends but focuses on those bypassing subscription services. The Protect Our Games Act did not advance but will be reconsidered. An ESA representative later clarified that private servers hosting copyrighted content without authorization infringe on publishers' rights and highlighted concerns about safety standards on these platforms.
Tech Optimizer
June 23, 2026
A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.
Tech Optimizer
June 13, 2026
On June 10th, Splunk released an advisory for CVE-2026-20253, a high-severity vulnerability with a CVSS score of 9.8 that requires no authentication. The vulnerability is associated with the PostgreSQL Sidecar Service Endpoint and affects Splunk Enterprise versions 10 and above. In default installations, the service is not installed on Windows but is installed and enabled by default on AWS. The vulnerability allows unauthorized users to create and truncate arbitrary files through an API that lacks authentication controls. Additionally, it enables the execution of SQL commands via a backup and restore mechanism, potentially leading to remote code execution (RCE). A Detection Artefact Generator has been developed to help organizations assess their vulnerability to this issue.
AppWizard
June 2, 2026
Meta has launched 13+ Teen Accounts on Instagram, Facebook, and Messenger, aiming to create a safer online environment for younger users. The rollout includes default settings that resulted in a 68% reduction in mature content on Instagram compared to other platforms. Meta is collaborating with the trust and safety firm Alice to test these new settings and is exploring ways to limit specific content types, particularly related to nutrition and anxiety. A report by whistleblower Arturo Béjar raised concerns about the effectiveness of Meta's teen safety features, leading to an overhaul of Instagram Teen Accounts. Meta faced controversy for comparing its content restrictions to PG-13 guidelines without authorization from the MPAA, which resulted in a cease and desist order but ended in a resolution. Additionally, new features have been introduced, including enhanced parental supervision tools and global age detection capabilities.
AppWizard
May 27, 2026
Google has enhanced the Android checkout experience by integrating stored credentials from Google Wallet, allowing developers to offer a seamless payment process with the new Express checkout feature using Google Pay for Android native applications. Developers can implement dynamic callbacks in their applications for real-time updates on shipping options, taxes, and total prices during transactions, improving the checkout process without closing the payment interface. These dynamic callbacks, previously available on the web, are now fully supported in Android applications, streamlining the checkout funnel. This innovation reduces friction in payments, facilitates a one-click experience, and enhances accuracy and authorization feedback, ultimately driving higher conversion rates. Recent reports indicate that mobile wallets, including Google Pay, are becoming mainstream, with 31% of consumers using a mobile wallet in-store within the past week, and the number of users reporting Google Pay usage doubling year over year. Additionally, 84% of shoppers prioritize one-click options, and 80% utilize stored credentials, highlighting the importance of these features in reducing cart abandonment and enhancing conversion rates.
Tech Optimizer
May 21, 2026
PostgreSQL has released versions 18.4, 17.10, 16.14, 15.18, and 14.23 to address 11 security vulnerabilities and over 60 bugs. The vulnerabilities affect PostgreSQL versions 14 through 18 and include issues such as remote code execution, SQL injection, and denial-of-service risks. Specific vulnerabilities include:
- CVE-2026-6472: Missing authorization in CREATE TYPE allows query hijacking.
- CVE-2026-6473: Integer wraparound leads to out-of-bounds writes and server crashes.
- CVE-2026-6474: Format string issue leaks server memory.
- CVE-2026-6475: Symlink attack allows overwriting arbitrary files.
- CVE-2026-6476: SQL injection allows execution of arbitrary SQL as superuser.
- CVE-2026-6477: Memory buffer overwrite via libpq lo_* functions.
- CVE-2026-6478: Timing attack exposes MD5-hashed passwords.
- CVE-2026-6479: SSL/GSS recursion flaw allows denial-of-service.
- CVE-2026-6575: Buffer over-read leaks memory data (PostgreSQL 18 only).
- CVE-2026-6637: Refint module enables stack overflow and SQL injection, leading to possible RCE.
- CVE-2026-6638: SQL injection in REFRESH PUBLICATION via table names.
Organizations are advised to upgrade to the latest versions, avoid MD5 password authentication, restrict privileges, audit extensions, and monitor for abnormal activity. PostgreSQL 14 will reach its end-of-life on November 12, 2026.