Security Affairs

SEPTEMBER 23, 2020

Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Authentication 144

Authentication Advertising Architecture Passwords 144

Security Affairs

MARCH 9, 2020

Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.

Authentication 134

Authentication Advertising Hacking Malware 134

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking 109

Hacking Risk Mobile Banking 109

Security Affairs

NOVEMBER 24, 2020

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An Pierluigi Paganini.

Authentication 127

Authentication Hacking Information Security Malware 127

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems. One recent hack highlights the scope and depth of these exposures.

Authentication 147

Authentication Digital transformation Passwords Password Management 147

Security Affairs

JUNE 25, 2021

Fortinet has recently addressed a high-severity vulnerability ( CVE-2021-22123 ) affecting its FortiWeb web application firewall (WAF), a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page. SecurityAffairs – hacking, ransomware). The flaw received a CVSSv3 score of 7.4

Hacking 113

Hacking Firewall Authentication Technology 113

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. They can come arrest me.

Cryptocurrency 223

Cryptocurrency Accountability Mobile Hacking 223

CyberSecurity Insiders

APRIL 19, 2022

And as per the published material, financial data of nearly 42 million Britons was hacked last year. Thus, financial institutions are being requested to bolster their IT infrastructure before it’s too late, as hacks on such companies have raised to a stunning 1,800 percent in between 2020-2021.

Hacking 123

Hacking Banking Authentication Government 123

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 SecurityAffairs – hacking, SAGE).

Hacking 108

Hacking Authentication VPN Software 108

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN 124

VPN Firewall Advertising Internet 124

Security Affairs

SEPTEMBER 30, 2020

More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server. The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.

Advertising 103

Advertising Authentication Hacking Accountability 103

Security Affairs

MARCH 7, 2023

LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack. The attackers hacked the employee’s home computer by exploiting a deserialization of untrusted data in Plex Media Server on Windows.

Software 98

Software Hacking Data breaches Media 98

Security Affairs

MAY 20, 2020

VMware has addressed a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, that affects its Cloud Director product. VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product. SecurityAffairs – CVE-2020-3956, hacking).

Authentication 92

Authentication Advertising Hacking Risk 92

CyberSecurity Insiders

FEBRUARY 16, 2021

SolarWinds hack seems to be a never-ending saga, as Microsoft President Brad Smith has made a new revelation yesterday stating over 1000 hackers could have been involved in the attack that questioned the security of the entire federal computer system by experts.

Hacking 138

Hacking Engineering Scams Cyber Attacks 138

Security Affairs

NOVEMBER 2, 2020

Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. The advisory states that this vulnerability is related to the CVE-2020-14882 flaw that was addressed in the October 2020 Critical Patch Update. . 12.2.1.4.0,

Advertising 102

Advertising Authentication Passwords Hacking 102

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 132

Hacking Accountability Passwords InfoSec 132

Security Affairs

MAY 12, 2021

.” Summarizing, the design flaws discovered by the expert are: CVE-2020-24588 : aggregation attack (accepting non-SPP A-MSDU frames). CVE-2020-24587 : mixed key attack (reassembling fragments encrypted under different keys). CVE-2020-26140 : Accepting plaintext data frames in a protected network. Pierluigi Paganini.

Hacking 128

Hacking Encryption Authentication Internet 128

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability 302

Accountability Hacking Media Mobile 302

Adam Levin

SEPTEMBER 1, 2020

voters have appeared on Russian hacking forums. Cybersecurity researchers have determined the records are authentic and current as of March 2020. Databases containing the personal information of millions of U.S. The post Personal Information of Millions of US Voters Available on Dark Web appeared first on Adam Levin.

Hacking 281

Hacking Cyber Attacks Authentication Government 281

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising 120

Advertising InfoSec Government Healthcare 120

Security Affairs

MAY 4, 2021

This is not the first time that experts disclose vulnerabilities in EXIM software, in May 2020 the U.S. Experts announced they will not publish that exploits for now.

Hacking 112

Hacking Software Engineering Encryption 112

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet 113

Internet Internet Hacking Advertising 113

Security Affairs

APRIL 20, 2021

According to coordinated reports published by FireEye and Pulse Secure , two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. SecurityAffairs – hacking, China). ” continues the report.

VPN 115

VPN Hacking Authentication Government 115

Security Affairs

MAY 4, 2020

Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure. — LineageOS (@LineageAndroid) May 3, 2020. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Hacking 94

Hacking Advertising Authentication Mobile 94

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). . ” reads the post published Risk Based Security.

Accountability 139

Accountability Hacking Data breaches Passwords 139

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 107

Advertising Government Healthcare Education 107

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Activision @ATVIAssist [link] — Okami (@Okami13_) September 21, 2020.

Hacking 108

Hacking Data breaches Accountability Passwords 108

Security Affairs

FEBRUARY 16, 2024

Cisco addressed the flaw in May 2020. For more information about Exchange Server’s support for Extended Protection for Authentication(EPA), please see Configure Windows Extended Protection in Exchange Server.” ” reads the advisory published by Microsoft.

Authentication 112

Authentication Hacking Cybersecurity Risk 112

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. – Database contains emails, password hashes, names pic.twitter.com/CZTYImj6jA — Under the Breach (@underthebreach) May 2, 2020. ZDNet confirmed the authenticity of the leaked data.

Accountability 114

Accountability Hacking Passwords Data breaches 114

Security Affairs

DECEMBER 7, 2020

The US National Security Agency has published a security alert warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets. SecurityAffairs – hacking, NSA). . SecurityAffairs – hacking, NSA). reads the CISA’s advisory. .

System Administration 103

System Administration Authentication Hacking Cybersecurity 103

Troy Hunt

OCTOBER 2, 2020

I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived. — Troy Hunt (@troyhunt) October 1, 2020 I'm conscious that sending a tweet like that elicits all the sorts of responses that inevitably followed it and implies that something cyber is amiss with Grindr.

Accountability 363

Accountability Hacking Passwords InfoSec 363

Security Affairs

MARCH 16, 2020

Organizations are delaying in patching Microsoft Exchange Server flaw (CVE-2020-0688) that Microsoft fixed with February 2020 Patch Day updates. Organizations are delaying in patching Microsoft Exchange Server flaw ( CVE-2020-0688 ) that Microsoft fixed with February 2020 Patch Day updates. Pierluigi Paganini.

Advertising 96

Advertising Authentication Internet Internet 96

Security Affairs

JULY 2, 2020

Apache Guacamole allows users within an organization to remotely access their desktops simply using a web browser post an authentication process. In particular, all versions of Guacamole that were released before January 2020 are using vulnerable versions of FreeRDP.” SecurityAffairs – hacking, Apache Guacamole). .”

Hacking 126

Hacking Risk System Administration Authentication 126

Security Affairs

DECEMBER 8, 2020

Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The third flaw is an Authenticated Crontab Injection that could allow an authenticated user to inject arbitrary CRON entries that will then be executed as root.

VPN 119

VPN Hacking Firmware Authentication 119

The Security Ledger

FEBRUARY 24, 2020

Small and medium-sized businesses find themselves in the cross hairs of sophisticated hacking groups. The post As Cyber Attacks Mount, Small Businesses seek Authentication. » Related Stories Opinion: AI and Machine Learning will power both Cyber Offense and Defense in 2020 Passwordless? . » But what do SMBs want?

Small Business 52

Small Business Authentication Cyber Attacks Cyber Risk 52

Security Affairs

JANUARY 22, 2021

Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses.

Hacking 136

Hacking Authentication Firmware Phishing 136