Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 144

IoT Firmware Authentication Wireless 144

Security Affairs

APRIL 1, 2021

VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982 , in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers to bypass authentication. Pierluigi Paganini.

Authentication 105

Authentication Malware Hacking Technology 105

Security Affairs

JANUARY 19, 2024

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.

Firewall 119

Firewall Accountability Malware Authentication 119

Security Affairs

APRIL 24, 2022

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540 , that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication.

Authentication 87

Authentication Software Hacking Risk 87

Security Affairs

JULY 12, 2022

Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. and certificate-based authentication. appeared first on Security Affairs.

Phishing 135

Phishing Authentication Social Engineering Passwords 135

Security Affairs

JUNE 12, 2021

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560 , which is used on most Linux distros can allow an unprivileged attacker to get a root shell.

Authentication 138

Authentication Cyber Attacks Hacking Information Security 138

Security Affairs

NOVEMBER 23, 2021

The researcher Janggggg has published on Sunday a proof-of-concept exploit code for an actively exploited vulnerability, tracked as CVE-2021-42321 , in Microsoft Exchange servers. The CVE-2021-42321 is a high-severity remote code execution issue that occurs due to improper validation of cmdlet arguments. Pierluigi Paganini.

Authentication 122

Authentication Hacking Information Security 122

Security Affairs

JANUARY 17, 2022

Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.

Authentication 107

Authentication Hacking Software Information Security 107

Security Affairs

FEBRUARY 4, 2022

billion Azure AD brute force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021. Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. ” states Microsoft.

Phishing 97

Phishing Authentication Cyber threats Education 97

Security Affairs

DECEMBER 20, 2021

The Federal Bureau of Investigation (FBI) revealed that the critical CVE-2021-44515 zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since at least October. ” reads the flash alert published by the FBI. ” reads the flash alert published by the FBI.

Authentication 109

Authentication Engineering Hacking Software 109

Security Affairs

SEPTEMBER 3, 2021

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. . US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Authentication 106

Authentication Cryptocurrency Hacking Government 106

Security Affairs

SEPTEMBER 30, 2021

Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. At the end of August, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product. link] — U.S.

Cryptocurrency 101

Cryptocurrency Authentication Malware Marketing 101

Google Security

JUNE 3, 2022

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). 2021 saw some amazing work from the security research community. We paid a total of $8.7 million in rewards, our highest amount yet.

Engineering 132

Engineering Authentication Internet Internet 132

SC Magazine

APRIL 27, 2021

FireEye CEO Kevin Mandia testifies during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. AD FS servers provide an authentication service to allow unified log-ins for cloud and on-computer services – a Microsoft answer to products like Okta. Photo by Drew Angerer/Getty Images).

Authentication 105

Authentication Accountability Media Government 105

Security Affairs

JULY 6, 2021

Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. The flaw could be exploited by an authenticated attacker to perform OS command injection using a crafted HTTP request. R6 and 2.2.1-R6

Authentication 113

Authentication Network Security VPN Firewall 113

Security Affairs

FEBRUARY 21, 2024

VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245 (CVSS score: 9.6).

Authentication 125

Authentication Ransomware Software Information Security 125

Security Affairs

SEPTEMBER 17, 2021

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system. ” reads the advisory published by the security firm. SecurityAffairs – hacking, CVE-2021-26333). Pierluigi Paganini.

Architecture 120

Architecture Authentication Hacking Information Security 120

Security Affairs

MAY 5, 2021

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. “A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. . Pierluigi Paganini.

Authentication 100

Authentication Passwords Accountability System Administration 100

Security Affairs

JULY 28, 2022

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. SecurityAffairs – hacking, telecom security incidents).

Authentication 97

Authentication Hacking Accountability Information Security 97

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. ” the source told 9to5Mac.

Data breaches 100

Data breaches Accountability Media Hacking 100

Security Affairs

SEPTEMBER 2, 2021

Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Authentication 100

Authentication Internet Internet Hacking 100

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile 97

Mobile Cryptocurrency Authentication Accountability 97

Security Affairs

NOVEMBER 9, 2021

Microsoft Patch Tuesday security updates for November 2021 address 55 vulnerabilities in multiple products and warn of two actively exploited issues. “We are aware of limited targeted attacks in the wild using one of vulnerabilities ( CVE-2021-42321 ), which is a post-authentication vulnerability in Exchange 2016 and 2019.

Authentication 95

Authentication Hacking Information Security 95

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 135

Ransomware Firmware Antivirus Accountability 135

Security Affairs

FEBRUARY 3, 2021

Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156 , that has allowed any local user to gain root privileges on Unix-like operating systems without authentication. News of the day is that the CVE-2021-3156 flaw also impacts the latest version of Apple macOS Big Sur, and Apple has yet to address it.

Authentication 131

Authentication Hacking Accountability Cybersecurity 131

Security Affairs

APRIL 7, 2021

The Pwn2Own 2021 hacking competition has begun and white hat hackers participants earned more than $500000 on the first day. The Pwn2Own 2021 has begun, this year the formula for the popular hacking competition sees the distribution of the participants amongst various locations. The overall payout pool for Pwn2Own 2021 exceeds $1.5

Authentication 64

Authentication Hacking Information Security Malware 64

Security Affairs

APRIL 9, 2021

The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 The Pwn2Own 2021 hacking competition reached the end, participants earned more than $1.2 Trend Micro’s Zero Day Initiative (ZDI), which is the organizer of the Pwn2Own 2021, confirmed that participants earned a total of $1,210,000 of the $1.5

Hacking 70

Hacking Authentication Ransomware Information Security 70

CyberSecurity Insiders

MAY 22, 2021

NEW YORK–( BUSINESS WIRE )– Veridium , a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. “We For more information, please visit www.veridiumid.com.

InfoSec 52

InfoSec B2C B2B Authentication 52

CyberSecurity Insiders

OCTOBER 1, 2021

SALT LAKE CITY–( BUSINESS WIRE )– Venafi , the inventor and leading provider of machine identity management, today announced that the company’s Trust Protection Platform won the “Identity Management Platform of the Year” award in the 2021 CyberSecurity Breakthrough Awards. For more information, visit: www.venafi.com.

Cybersecurity 52

Cybersecurity Digital transformation IoT Marketing 52

Security Affairs

MARCH 30, 2024

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches 139

Data breaches Telecommunications Cybercrime Hacking 139

Security Affairs

JANUARY 13, 2021

Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. The IT giant has addressed a zero-day RCE flaw in Microsoft Defender, tracked as CVE-2021-1647 , that resides in the Malware Protection Engine component (mpengine.dll).

Engineering 69

Engineering Malware Authentication Hacking 69

Security Affairs

OCTOBER 20, 2023

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE. ” reads the report published by Cisco Talos.

Authentication 124

Authentication Hacking Accountability Software 124

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process.

Authentication 134

Authentication Firmware Hacking Engineering 134

Veracode Security

FEBRUARY 17, 2022

In other words, an attacker can change a database query to: Read sensitive data Modify the database Execute other database functions Break authentication Lead to remote code execution Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often.

Authentication 136

Authentication Information Security 136

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 285

Banking Government Information Security Authentication 285

Security Affairs

APRIL 4, 2023

Below is the list of flaws exploited by the ransomware gang’s affiliate: CVE-2021-27876 : The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. CVE-2021-27877 : An issue was discovered in Veritas Backup Exec before 21.2.

Backups 96

Backups Ransomware Authentication Penetration Testing 96

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication 140

Authentication Passwords Hacking Accountability 140