2014, Authentication and Information Security

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. Retail giant Home Depot has agreed to a $17.5 ” . .

Retail

Retail Data breaches Penetration Testing Password Management

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Meanwhile, any hacker viewing the information will see random bits of text with no apparent meaning. Password Protection & Authentication. Apple’s iPhone X, for instance, uses a feature called Face ID, which scans your facial features with infrared sensors and turns that information into a password. Pierluigi Paganini.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

OpenBSD addresses authentication bypass, privilege escalation issues

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication

Authentication Advertising Hacking Malware

WordPress Plugin Facebook Widget affected by authenticated XSS

Security Affairs

JULY 29, 2019

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). Pierluigi Paganini.

Authentication

Authentication Advertising Information Security Hacking

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.

Firmware

Firmware Authentication Passwords Hacking

Twitter allows users to use 2FA without a phone number

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication

Authentication Mobile Advertising Accountability

Microsoft failed to fix LSASS elevation of privilege flaw

Security Affairs

AUGUST 13, 2020

Google Project Zero researcher who discovered the elevation of privilege flaw ( CVE-2020-1509 ) in the Windows Local Security Authority Subsystem Service (LSASS) warn that Microsoft did not properly address it. “If the target is a proxy then the authentication process is allowed, even if the Enterprise Auth Cap is not specified.

Authentication

Authentication Advertising Hacking Information Security

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Security Affairs

JULY 31, 2020

One of the most security issues is a critical authentication bypass vulnerability, tracked as CVE-2020-3382. The vulnerability can allow a remote, unauthenticated attacker to bypass authentication and perform actions with admin privileges on the vulnerable device. ” reads the security advisory.

Authentication

Authentication Advertising Software Encryption

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Authentication

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

The expert discovered that the issue could allow an attacker to force the software to relay an NTLM authentication request to the attacker’s system. This means that the SMB authentication process will leak the system’s username, and NTLMv2 hashed version of the password to the attackers. “An Pierluigi Paganini.

Passwords

Passwords Authentication Advertising Software

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. “During our research process, the Cyble Research Team got hold of some informative details related to this leak.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Data breaches Mobile Advertising

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Vendors supporting Samba 4.7

Authentication

Authentication Advertising Architecture Passwords

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs. An attempted attack requires user authentication.” The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”. An attempted attack requires user authentication.”

Authentication

Authentication Advertising Antivirus Cybercrime

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

It also provides an authenticated inter-process communication mechanism. Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre- authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking.

Authentication

Authentication Malware Advertising Hacking

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Authentication

Cisco fixes critical issue in Cisco Firepower Management Center

Security Affairs

JANUARY 24, 2020

Cisco addressed a critical issue in the Cisco Firepower Management Center (FMC) that could allow a remote attacker to bypass authentication and execute arbitrary actions. ” reads the security advisory published by Cisco. The External Authentication Object must be enabled for the FMC to be affected.” Iran, hacking).

Authentication

Authentication Advertising Software Hacking

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Security Affairs

NOVEMBER 4, 2020

The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to execute malicious scripts via a targeted user. “The vulnerability is due to a lack of authentication to the IPC listener. . Pierluigi Paganini.

Mobile

Mobile Authentication Advertising Software

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

Starting in 2013, Twitter began asking users to provide a phone number or email address to improve their account security. This information would be used to help reset passwords or unlock accounts, as well as enabling two-factor authentication (2FA).

Advertising

Advertising Media Accountability Account Security

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Security Affairs

FEBRUARY 21, 2020

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. “vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. ” continues the advisory. x on Windows.

Authentication

Authentication Telecommunications Advertising Hacking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

The vulnerability is a post-authentication command injection issue and impacts Nighthawk (R7800) routers running firmware prior to version 1.0.2.60. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

New Cisco Webex Meetings flaw allows attackers to impersonate users

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information.

Authentication

Authentication Advertising Accountability Hacking

Experts demonstrate the PIN is useless in EMV contactless transactions

Security Affairs

AUGUST 29, 2020

Authentication to the terminal: All transactions accepted by the terminal are authenticated by the card and, if authorized online, the bank. Authentication to the bank: All the transactions accepted by the bank are authenticated by the card and the terminal. Pierluigi Paganini. SecurityAffairs – hacking, EMV).

Banking

Banking Computers and Electronics Authentication Mobile

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10. Pierluigi Paganini.

Firewall

Firewall Authentication VPN Advertising

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Security Affairs

SEPTEMBER 2, 2020

An attacker can exploit the vulnerability to execute arbitrary code on servers running a website using the Magmi Magento plugin, he could trigger the flaw by tricking authenticated administrators into clicking a malicious link. “ CVE-2020-5777 is an authentication bypass vulnerability in MAGMI for Magento version 0.7.23

Authentication

Authentication Advertising Passwords Hacking

Cisco addresses 17 high-severity flaws in security appliances

Security Affairs

OCTOBER 22, 2020

The list of addressed vulnerabilities includes denial-of-service (DoS), CSRF, FMC authentication bypass, and MitM issues. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking).

Advertising

Advertising Software Authentication Hacking

Home Depot Data Breach Settlement: 5 Things It Must Do Now

SecureWorld News

DECEMBER 1, 2020

The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers. In 2014, hackers accessed the company's network and installed malware to the self-checkout point-of-sale system. million to 46 U.S.

Data breaches

Data breaches Penetration Testing Password Management Information Security

Expert discloses 4 zero-days in IBM Data Risk Manager

Security Affairs

APRIL 21, 2020

A security researcher disclosed details of four zero-day flaws impacting an IBM security product after the IT giant refused to address them. The IBM Data Risk Manager manages credentials to access other security tools used in the enterprise and information about security vulnerabilities that affect the organizations.

Risk

Risk Authentication InfoSec Advertising

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Security Affairs

MAY 20, 2020

The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to Cloud Director, which could allow executing arbitrary code. ” reads the security advisory published by VMware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Advertising Hacking Risk

Cisco addresses multiple issues in its SD-WAN product

Security Affairs

MARCH 18, 2020

Three high-severity vulnerabilities, tracked as CVE-2020-3265, CVE-2020-3266, CVE-2020-3264, could be exploited by a local, authenticated attacker by sending specially crafted requests or specially crafted input to the targeted system. Both issues could be remotely exploited by an authenticated attacker. Pierluigi Paganini.

Advertising

Advertising Authentication Software Information Security

DHS CISA alert provides recommendations on securing Office 365 installs

Security Affairs

MAY 4, 2020

Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Office 365, CISA).

Authentication

Authentication Advertising Cyber Attacks Cybersecurity

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Security Affairs

DECEMBER 11, 2019

Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. . The applications dated back to late-2017, TechCrunch verified the authenticity of the data.

Penetration Testing

Penetration Testing Advertising Authentication Passwords

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mobile

Mobile InfoSec Data breaches Advertising

Hackers are targeting recently patched WebLogic security vulnerability

Security Affairs

MAY 1, 2020

The company is urging its customers to install the latest security updates released on April 14. “This Critical Patch Update contains 9 new security patches for the Oracle Database Server. Authentication is not required to exploit this vulnerability.” ” reads the advisory published by Oracle.

Authentication

Authentication Advertising Hacking Cybersecurity

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. published a detailed analysis of the flaw.

Authentication

Authentication Passwords Advertising Architecture

129 million records of Russian car owners available on the dark web

Security Affairs

MAY 19, 2020

As a proof of the authenticity of the data, the hacker has leaked some anonymized data containing all the car details present in the traffic police registry. The authenticity of the information was confirmed by an employee of the car-sharing company, Vedomosti reports.” ” reads the website rbc.ru. Pierluigi Paganini.

Advertising

Advertising Authentication Media Hacking

Ransomware attack disabled Georgia County Election database

Security Affairs

OCTOBER 26, 2020

A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Advertising Media Government

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. Once the rules have been created, a thread connects to an NTP server from a roster of authentic NTP servers.

IoT

IoT Cybercrime Internet Internet

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

Kaspersky recommends organizations to adopt the following security measures: At the very least, use strong passwords. Use Network Level Authentication (NLA). If possible, enable two-factor authentication. Use a reliable security solution. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Advertising VPN Authentication

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Webinars

Trending Sources

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Webinars

OpenBSD addresses authentication bypass, privilege escalation issues

WordPress Plugin Facebook Widget affected by authenticated XSS

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Twitter allows users to use 2FA without a phone number

Microsoft failed to fix LSASS elevation of privilege flaw

Hackers are using Zerologon exploits in attacks in the wild

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

TeamViewer flaw can allow hackers to steal System password

UberEats data leaked on the dark web

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Trend Micro addresses two issues exploited by hackers in the wild

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Cisco fixes 5 critical flaws that could allow router firewall takeover

Cisco fixes critical issue in Cisco Firepower Management Center

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Twitter Fined $150 Million for Misuse of 2FA User Data

Palo Alto Networks addresses tens of serious issues in PAN-OS

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

New Cisco Webex Meetings flaw allows attackers to impersonate users

Experts demonstrate the PIN is useless in EMV contactless transactions

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Cisco addresses 17 high-severity flaws in security appliances

Home Depot Data Breach Settlement: 5 Things It Must Do Now

Expert discloses 4 zero-days in IBM Data Risk Manager

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Cisco addresses multiple issues in its SD-WAN product

DHS CISA alert provides recommendations on securing Office 365 installs

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Hackers are targeting recently patched WebLogic security vulnerability

Zerologon attack lets hackers to completely compromise a Windows domain

129 million records of Russian car owners available on the dark web

Ransomware attack disabled Georgia County Election database

TheMoon bot infected 40,000 devices in January and February

Expert found multiple critical issues in MoFi routers

RDP brute-force attacks rocketed since beginning of COVID-19

Stay Connected