2013 and Authentication - Cyber Security Informer

The ticking time bomb of Microsoft Exchange Server 2013

DoublePulsar

DECEMBER 22, 2023

I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied. But since there were a range of post authentication Exchange Server vulnerabilities this year ( link ), I doubt it is a zero day.

Ransomware

Ransomware Internet Internet Software

CISA Urges Exchange Online Authentication Update

eSecurity Planet

JUNE 30, 2022

CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. And it’s incompatible with multi-factor authentication (MFA) systems , so admins might be discouraged from enabling it. or Microsoft Active Directory Authentication Library uses tokens that expire quickly and cannot be reused elsewhere.

Authentication

Authentication Government Passwords Cybersecurity

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Security Boulevard

MARCH 17, 2023

Once Outlook receives this message it initiates a NTLM authentication with this SMB share server. The attacker can then use this connection's NTLM negotiation message and relay this authentication against other systems that support NTLM authentication. There is no user interaction required to trigger this vulnerability.

Authentication

Authentication Accountability

Auth0’s Matias Woloski on prioritizing the developer experience

CSO Magazine

JUNE 21, 2022

Auth0 is a cloud identity platform that helps developers deal with authentication and authorization. It was founded in 2013 by Woloski (CTO) and Eugenio Pace (CEO) via remote partnership while Woloski lived in Argentina and Pace in the US. He currently acts as its CTO, a role to which brings a forward-looking dynamism.

Authentication

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Pentester Academy

MARCH 23, 2023

Lab Walkthrough — Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809] In our lab walkthrough series, we go through selected lab exercises on our INE Platform. Also, to access the upgrade.txt file, we do not need any authentication. This is extremely similar to CVE-2013–3630, just using a different variable. and 3.8.0.

Authentication

Authentication Mobile Passwords Penetration Testing

Vulnerabilities that (mostly) aren’t: LUCKY13

Pen Test Partners

MAY 2, 2024

The LUCKY13 attack was a vulnerability and tied attack identified in February 2013 by AlFardan and Paterson of the Royal Holloway, University of London and given CVE-2013-0169. This can cause a time difference between the various sizes of blocks due to the way that the Message Authentication Code (MAC) is calculated. What is it?

Risk

Risk Software Authentication Internet

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

CSO Magazine

DECEMBER 15, 2022

Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an authenticated attacker can exploit for privilege escalation.

InfoSec

InfoSec Authentication Internet Internet

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Security Affairs

NOVEMBER 20, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. It's perhaps just Exchange 2013 that requires a tweak. Can confirm.

Authentication

Authentication Hacking Cybersecurity Information Security

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

FEBRUARY 8, 2022

Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user. “However, given the number of stolen credentials readily available on underground markets, getting authenticated could be trivial. .

Authentication

Authentication Internet Internet System Administration

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

MARCH 15, 2023

The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest. ” “The vulnerability effectively lets the attacker authenticate as a trusted individual without having to know the person’s password,” Breen said.

Passwords

Passwords Cyber threats Authentication Internet

Microsoft says to ditch passwords all together on World Password Day

CyberSecurity Insiders

MAY 6, 2022

World Password Day is celebrated in May every year and is being done since 2013 as a group of Cybersecurity Professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives. But Microsoft Authenticator app doesn’t offer such troubles. percent of accounts from being compromised.

Passwords

Passwords Authentication Accountability Password Management

CISA urges to fix actively exploited Firefox zero-days by March 21

Security Affairs

MARCH 8, 2022

CVE ID Vulnerability Name Due Date CVE-2022-26486 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2022-26485 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2021-21973 VMware vCenter Server, Cloud Foundation Server Side Request Forgery (SSRF) 03/21/22 CVE-2020-8218 Pulse Connect Secure Code Injection Vulnerability 09/07/22 CVE-2019-11581 (..)

Authentication

Authentication Hacking Cybersecurity Risk

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” It also provides an authenticated inter-process communication mechanism.

Authentication

Authentication Malware Advertising Hacking

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

“I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. That’s because Experian does not offer any type of multi-factor authentication options on consumer accounts. But now he’s wondering what else he could do to prevent another account compromise.

Accountability

Accountability Passwords Authentication Password Management

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Krebs on Security

MARCH 2, 2021

The patches released today fix security problems in Microsoft Exchange Server 2013 , 2016 and 2019. The software giant typically releases security updates on the second Tuesday of each month, but it occasionally deviates from that schedule when addressing active attacks that target newly identified and serious vulnerabilities in its products.

Internet

Internet Internet Software Education

New Russia Malware targets firewall appliances

CyberSecurity Insiders

FEBRUARY 23, 2022

Keeping devices updated with the latest software, using multi-factor authentication, segregating management interfaces of network devices from the internet and changing passwords once or twice in a month is being advised by NCSC to safeguard their IT assets from being attacked by Cyclops Blink malware. Now some statistic facts about malware.

Firewall

Firewall Malware IoT Software

Microsoft Patch Tuesday, April 2021 Edition

Krebs on Security

APRIL 13, 2021

Microsoft released updates to fix four more flaws in Exchange Server versions 2013-2019 ( CVE-2021-28480 , CVE-2021-28481 , CVE-2021-28482 , CVE-2021-28483 ). Interestingly, all four were reported by the U.S. National Security Agency , although Microsoft says it also found two of the bugs internally.

Authentication

Authentication Backups Malware Engineering

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

Starting in 2013, Twitter began asking users to provide a phone number or email address to improve their account security. This information would be used to help reset passwords or unlock accounts, as well as enabling two-factor authentication (2FA). Twitter sells 2FA information to advertisers.

Advertising

Advertising Media Accountability Account Security

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Security Affairs

OCTOBER 1, 2022

The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019. Successful exploitation of the CVE-2022-41040 can allow an authenticated attacker to remotely trigger CVE-2022-41082. . ” reads the advisory published by Microsoft.

Authentication

Authentication Hacking Cybersecurity Risk

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019.

Hacking

Hacking Passwords Internet Internet

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

Security Affairs

SEPTEMBER 30, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Advertising

Advertising Authentication Hacking Accountability

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

“In fact, large aggregations of stolen credentials have been around since 2013-2014. Finally, if you haven’t done so lately, mosey on over to twofactorauth.org and see if you are taking full advantage of the strongest available multi-factor authentication option at sites you trust with your data.

Passwords

Passwords Accountability Hacking Password Management

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Use multi-factor authentication. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification.

Passwords

Passwords Password Management Accountability Authentication

Brilliant Advice From Abraham Lincoln About Internet News Reports

Joseph Steinberg

JUNE 30, 2022

Encrypted communications and site authentication cues can help shield against such attacks, but the vast majority of Internet activity presently leverages neither defense. Since then, I have seen many Internet memes circulate that appear to convey a similar message. Furthermore, the issues of accuracy of data are as pertinent as ever.

Internet

Internet Internet Artificial Intelligence Marketing

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Advertising

Advertising Authentication Internet Internet

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

SC Magazine

MARCH 2, 2021

Vulnerable versions of Exchange Server include Microsoft Exchange Servers 2013, 2016 and 2019. The four vulnerabilities include CVE-2021-26855, a server-side request forgery vulnerability that allowed Hafnium to manipulate authentication. Microsoft suggests patching these immediately.

Media

Media Authentication Education Hacking

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

NOVEMBER 9, 2021

Unlike the four zero-days involved in the mass compromise of Exchange Server systems earlier this year, CVE-2021-42321 requires the attacker to be already authenticated to the target’s system. As Exchange zero-days go, CVE-2021-42321 appears somewhat mild by comparison.

Backups

Backups Authentication Passwords Internet

Data belonging 44 Million Pakistani mobile users leaked online

Security Affairs

MAY 6, 2020

It seems that the huge trove of data was the result of a data breach that took place in 2017, the oldest entries are dated back as 2013. The dump was discovered by a Dubai-based cybersecurity firm Rewterz ( @rewterz ) that confirmed its authenticity and the Pakistan Telecommunication Authority (PTA) is investigating the matter.

Mobile

Mobile Telecommunications Data breaches Advertising

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

JANUARY 25, 2019

“Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. Mollema demonstrated that it’s possible to transfer automatic Windows authentication by connecting a machine on the network to a machine under the control of the attacker.

Authentication

Authentication Advertising Passwords Hacking

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

Security Affairs

DECEMBER 21, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability.

Ransomware

Ransomware Authentication Hacking Cybercrime

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. The affected end-of-life devices with 8.x x firmware are past temporary mitigations. 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

was responsible for $17 million worth of stolen credential sales since its inception in 2013. Firsov is slated to be arraigned later this week, when he will face two felony counts, specifically aiding and abetting the unauthorized solicitation of access devices, and aiding and abetting trafficking in “false authentication features.”

Accountability

Accountability Advertising Hacking Cybercrime

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

DomainTools says there are more than 1,300 current and former domain names registered to Mihail Kolesnikov between 2013 and July 2023. Either way, it’s clearly a pseudonym, but there are some other commonalities among these domains that may provide insight into how Snatch and other ransomware groups are sourcing their victims.

Ransomware

Ransomware Internet Internet Phishing

Data of more than 2M Toyota customers exposed in ten years-long data breach

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023.

Data breaches

Data breaches Authentication Internet Internet

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. It is interesting to note that threat actors have started to weaponize disputed CVEs, not only confirmed ones.

Hacking

Hacking Cryptocurrency Authentication Passwords

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. The CVE-2013-6117 was discovered by the security expert Jake Reynolds and affects Dahua DVR 2.608.0000.0

IoT

IoT Engineering Passwords Firmware

World Password Day: Brushing up on the basics

Malwarebytes

MAY 5, 2022

in 2013 suffering 3 billion accounts becoming exposed to attackers, or LinkedIn discovering 117 million passwords up for sale in 2016, this can have a major impact on the users. Two-factor authentication (an additional level of security most commonly tied to your mobile device) is still not as widely adopted as it should be.

Passwords

Passwords Password Management Authentication Accountability

How to achieve financial inclusion with Open Banking

CyberSecurity Insiders

JUNE 28, 2021

In Europe, for example, Spain’s BBVA opened its APIs in 2013 with the goal to allows companies and businesses to better manage their operations. To try and reassure citizens on this point, EU regulators are insisting that strong two-factor authentication be enabled for all PSD2-related transactions.

Banking

Banking Financial Services Authentication Technology

The Origins and History of the Dark Web

Identity IQ

FEBRUARY 8, 2024

From 2011 to 2013, the Silk Road hosted 1.2 2013: The End of the Silk Road Authorities were able to trace the pseudonym back to Ulbricht thanks to the efforts of an IRS investigator who was working with the DEA on the Silk Road case in mid-2013. The FBI shut down the Silk Road in October 2013. billion in value.

Identity Theft

Identity Theft Cryptocurrency Government Engineering

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

Security Affairs

MARCH 8, 2021

The first zero-day, tracked as CVE-2021-26855 , is a server-side request forgery (SSRF) vulnerability in Exchange that could be exploited by an attacker to authenticate as the Exchange server by sending arbitrary HTTP requests. The last flaw, tracked as CVE-2021-27065 , is a post-authentication arbitrary file write vulnerability in Exchange.

Authentication

Authentication Malware Accountability Hacking

5 pro-freedom technologies that could change the Internet

Malwarebytes

JULY 4, 2022

Passwordless authentication. Passwordless authentication could usher in a world where we no longer rely on passwords, and that could be an enormous, unabashed win for security and peace of mind. FIDO2 is a specification that uses public key encryption for authentication. It’s ascendancy seems assured.

Internet

Internet Internet Technology DNS

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

The claims come in a lawsuit filed this week in Los Angeles on behalf of Michael Terpin , who co-founded the first angel investor group for bitcoin enthusiasts in 2013. ” AN ‘IDENTITY CRISIS’? In some cases, thieves executing SIM swaps have already phished or otherwise stolen a target’s bank or email password.

Mobile

Mobile Cryptocurrency Accountability Authentication

The ticking time bomb of Microsoft Exchange Server 2013

CISA Urges Exchange Online Authentication Update

Webinars

Trending Sources

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Webinars

Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Auth0’s Matias Woloski on prioritizing the developer experience

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Vulnerabilities that (mostly) aren’t: LUCKY13

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Microsoft Patch Tuesday, February 2022 Edition

Microsoft Patch Tuesday, March 2023 Edition

Microsoft says to ditch passwords all together on World Password Day

CISA urges to fix actively exploited Firefox zero-days by March 21

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Experian, You Have Some Explaining to Do

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

New Russia Malware targets firewall appliances

Microsoft Patch Tuesday, April 2021 Edition

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Twitter Fined $150 Million for Misuse of 2FA User Data

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Microsoft: Two New 0-Day Flaws in Exchange Server

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

Ukraine Nabs Suspect in 773M Password ?Megabreach?

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Brilliant Advice From Abraham Lincoln About Internet News Reports

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

Microsoft Patch Tuesday, November 2021 Edition

Data belonging 44 Million Pakistani mobile users leaked online

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Data of more than 2M Toyota customers exposed in ten years-long data breach

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

World Password Day: Brushing up on the basics

How to achieve financial inclusion with Open Banking

The Origins and History of the Dark Web

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

5 pro-freedom technologies that could change the Internet

Hanging Up on Mobile in the Name of Security

Stay Connected