Security Affairs

FEBRUARY 27, 2021

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). “An attacker who is able to extract the secret key would be able to authenticate to any Rockwell Logix controller.” SecurityAffairs – hacking, PLC). Pierluigi Paganini.

Authentication 122

Authentication Software Engineering Manufacturing 122

Security Boulevard

MARCH 8, 2021

Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. In 2019, Mladenov et al. In 2019, Mladenov et al.

Hacking 97

Hacking Authentication 97

Security Affairs

APRIL 2, 2019

The privilege escalation vulnerability ( CVE-2019-0211 ) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems. — Mark J Cox (@iamamoose) April 2, 2019. The second one, tracked as CVE-2019-0215 , affects Apache 2.4.37 releases 2.4.17 and 2.4.38.

Advertising 104

Advertising Authentication Hacking Risk 104

SC Magazine

JULY 1, 2021

warns that Fancy Bear, a hacking group tied to Russia’s Main Intelligence Directorate (GRU), has been conducting a stealthy two-year espionage campaign that targets global enterprise and cloud environments with brute-force attacks. Adding multi-factor authentication will go a long way in remediating the threat.”.

Passwords 81

Passwords Authentication Media Hacking 81

Security Affairs

DECEMBER 13, 2020

In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. Pierluigi Paganini.

Hacking 133

Hacking Cryptocurrency Authentication Passwords 133

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 139

Accountability Hacking Data breaches Passwords 139

Security Affairs

APRIL 10, 2019

Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws. Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack. Pierluigi Paganini.

Advertising 87

Advertising Authentication Accountability Hacking 87

Security Affairs

MARCH 27, 2024

The Star Labs team demonstrated the vulnerability at the Pwn2Own Vancouver 2023 hacking competition. “In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.” ” reads the advisory published by Microsoft.

Hacking 115

Hacking Authentication Cybersecurity Risk 115

Security Affairs

MAY 23, 2019

Several security experts have developed PoC exploits for wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. Patch now or GFY!

Advertising 88

Advertising Malware Authentication Risk 88

Security Affairs

MARCH 15, 2019

Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft. Pierluigi Paganini.

Advertising 89

Advertising Authentication Hacking 89

Security Affairs

JUNE 4, 2019

A security expert disclosed technical details of a new unpatched vulnerability (CVE-2019-9510) that affects Microsoft Windows Remote Desktop Protocol (RDP). The flaw, tracked as CVE-2019-9510, could be exploited by client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Log out when done or away!

Authentication 86

Authentication Advertising Engineering Software 86

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication 57

Authentication Advertising Hacking Malware 57

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. The research began in 2018 and in August 2019, the experts reported their findings to Daimler, which owns the Mercedes-Benz. SecurityAffairs – hacking, Mercedes). Pierluigi Paganini.

Hacking 145

Hacking Advertising Mobile Engineering 145

Security Affairs

OCTOBER 8, 2019

Microsoft October 2019 Patch Tuesday addressed a total of 59 vulnerabilities. Microsoft addressed two critical remote code execution flaws , tracked as CVE-2019-1238 and CVE-2019-1239, in the VBScript engine, both tie the way VBScript handles objects in memory. ” reads the security advisory for the CVE 2019-1166.

Engineering 57

Engineering Advertising Authentication Internet 57

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. Upcoming government standardization efforts will continue to increase substantially in 2019.

IoT 89

IoT Manufacturing Internet Internet 89

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking 98

Hacking VPN Ransomware Authentication 98

Security Affairs

SEPTEMBER 1, 2019

Cisco released security updates for Cisco IOS XE operating system to address a critical vulnerability that could be exploited by a remote attacker to bypass authentication. “An exploit could be used to bypass authentication on Cisco routers configured with the REST API support for Cisco IOS XE Software.” Pierluigi Paganini.

Authentication 85

Authentication Software Advertising Information Security 85

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking 102

Hacking Ransomware Banking Mobile 102

Security Affairs

APRIL 20, 2021

According to coordinated reports published by FireEye and Pulse Secure , two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. SecurityAffairs – hacking, China). ” continues the report.

VPN 114

VPN Hacking Authentication Government 114

Security Affairs

AUGUST 14, 2019

Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘ wormable ‘ issues in Windows Remote Desktop Services. The vulnerabilities are tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226.

Authentication 84

Authentication Advertising Internet Internet 84

Security Affairs

JUNE 20, 2019

Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users. Microsoft has addressed an important flaw tracked as CVE-2019-1105 that affects versions of Outlook for Android app before 3.0.88. SecurityAffairs – Outlook for Android, hacking).

Advertising 78

Advertising Authentication Hacking Software 78

Security Affairs

NOVEMBER 15, 2021

Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. Microsoft has released out-of-band updates to fix authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running Windows Server. SecurityAffairs – hacking, Operation Cyclone).

Authentication 118

Authentication Hacking Information Security 118

Security Affairs

APRIL 16, 2019

A recently fixed local privilege escalation flaw in windows (CVE-2019-0803) had been exploited by bad actors to deliver PowerShell Backdoor. The flaw could allow an authenticated attacker to execute arbitrary code in kernel mode. The CVE-2019-0859 was the fifth Windows zero-day discovered by Kaspersky experts in a few months.

Advertising 88

Advertising Authentication Technology Hacking 88

Security Affairs

OCTOBER 10, 2019

SAP addressed two critical vulnerabilities (Hot News) as part of the October 2019 Security Patch Day. SAP has released its October 2019 Security Patch Day updates that also address two critical vulnerabilities (Hot News) with CVSS scores of 9.3 ” reads the analysis published by security firm Onapsis. the flaw affects version 3.0

B2B 58

B2B Authentication Advertising Hacking 58

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019. ” reads the security advisory published by Trend Micro in October 2019.

Antivirus 128

Antivirus Hacking Advertising Media 128

Security Affairs

MAY 4, 2021

National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team were exploiting a critical vulnerability ( CVE-2019-10149 ) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019 , Exim maintainers released an urgent security update, Exim version 4.92.3,

Hacking 112

Hacking Software Engineering Encryption 112

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. The flaws were disclosed by the researcher SandboxEscaper over the past weeks, below the list of the issue: CVE-2019-0973 CVE-2019-1053 CVE-2019-1064 CVE-2019-1069. Pierluigi Paganini.

Advertising 64

Advertising Authentication Encryption Internet 64

Troy Hunt

JANUARY 8, 2019

I just went and looked at the pastes HIBP has collected since the clock ticked over to 2019 and found 20 of them already: Digging further, I found over a thousand pastes with "Spotify" in the title. And why would someone "hack" (I use the term loosely because they literally logged in with the correct username and password) Spotify accounts?

Hacking 224

Hacking Passwords Accountability Data breaches 224

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended.

Software 264

Software Risk Artificial Intelligence Engineering 264

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The CVE-2019-14899 vulnerability affects many Linux distros and Unix operating systems (i.e. SecurityAffairs – CVE-2019-14899 , hacking). Pierluigi Paganini.

VPN 71

VPN Encryption Advertising Authentication 71

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. Not long after the Twitter hack, O’Connor was quoted in The New York Times denying any involvement. “I

Cryptocurrency 231

Cryptocurrency Accountability Mobile Hacking 231

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 94

Passwords Hacking Wireless Authentication 94

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 104

Hacking Data breaches Advertising Backups 104

Security Affairs

MAY 12, 2019

“We develop our own iris recognition algorithm so that no one can hack your USB drive even [if] they have your iris pattern. The first tests he made attempted to bypass the biometric authentication using a photo, but it did work. ” Londge pointed out that when the use r authenticates to the USB stick.

Hacking 97

Hacking Passwords Authentication Advertising 97

Security Affairs

NOVEMBER 27, 2019

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 “At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. SecurityAffairs – Upbit exchange, hacking). Pierluigi Paganini.

Cryptocurrency 98

Cryptocurrency Hacking Scams Data breaches 98

Security Affairs

JANUARY 9, 2019

Microsoft has released the January 2019 Patch Tuesday updates that address 51 vulnerabilities in Windows OSs and other products. A close look at the list of issues addressed with the Microsoft January 2019 Patch Tuesday reveals that 7 flaws are rated critical, none was exploited in attacks in the wild.

Engineering 76

Engineering Advertising Internet Internet 76

McAfee

DECEMBER 23, 2019

According to the World Economic Forum’s (WEF) 2019 Executive Opinion Survey , it’s cyberattacks. When reflecting on 2019, it’s clear why that is. Below, I’ll recap notable incidents from 2019, expand upon their commonalities, and explore a few lessons to learn as we enter a new year. What keeps executives up at night?

Healthcare 54

Healthcare Insurance Artificial Intelligence Authentication 54