2021, Authentication, Information Security and Internet

The Consumer Authentication Strength Maturity Model (CASMM)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? Mar 24, 2021 — Thanks to Andrew R. How to use this model.

Authentication

Authentication Passwords Internet Internet

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords

Passwords Authentication Architecture Risk

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Announcing the winners of the 2021 GCP VRP Prize

Google Security

JUNE 3, 2022

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). 2021 saw some amazing work from the security research community. We paid a total of $8.7 million in rewards, our highest amount yet.

Engineering

Engineering Authentication Internet Internet

Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE

Security Affairs

SEPTEMBER 2, 2021

Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Authentication

Authentication Internet Internet Hacking

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile

Mobile Cryptocurrency Authentication Accountability

AT&T confirmed that a data breach impacted 73 million customers

Security Affairs

MARCH 30, 2024

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches

Data breaches Telecommunications Cybercrime Hacking

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

Below is the list of flaws exploited by the ransomware gang’s affiliate: CVE-2021-27876 : The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. CVE-2021-27877 : An issue was discovered in Veritas Backup Exec before 21.2.

Backups

Backups Ransomware Authentication Penetration Testing

Venafi Wins 2021 CyberSecurity Breakthrough Awards

CyberSecurity Insiders

OCTOBER 1, 2021

SALT LAKE CITY–( BUSINESS WIRE )– Venafi , the inventor and leading provider of machine identity management, today announced that the company’s Trust Protection Platform won the “Identity Management Platform of the Year” award in the 2021 CyberSecurity Breakthrough Awards. For more information, visit: www.venafi.com.

Cybersecurity

Cybersecurity Digital transformation IoT Marketing

AT&T states that the data breach impacted 51 million former and current customers

Security Affairs

APRIL 10, 2024

The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches

Data breaches Telecommunications Identity Theft Hacking

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

Security Affairs

AUGUST 3, 2023

” Government experts warn that in 2022, most of the exploited flaws were older software vulnerabilities and that threat actors targeted unpatched, internet-facing systems.

Authentication

Authentication VPN Internet Internet

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. Microsoft discovered that the MSA key was accidentally leaked into a crash dump after a consumer signing system crashed in April 2021.

Accountability

Accountability Government Authentication Engineering

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process.

Authentication

Authentication Firmware Hacking Engineering

7 Top Tips for Accelerating your IoT Projects in 2021

CyberSecurity Insiders

MARCH 25, 2021

This is why it is essential to your device performance to make sure any endpoints include flexible, secure, default-settings and, in particular, optional mechanisms like password complexity, password expiration, and account lock-out, which forces users to modify the default credentials when setting up the device.

IoT

IoT Authentication Passwords Data collection

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Security Affairs

AUGUST 17, 2021

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that could allow an attacker. The vulnerability impacts Fortinet FortiWeb versions 6.3.11

Authentication

Authentication VPN Internet Internet

B. Braun Infusomat pumps could be hacked to alter medication doses

Security Affairs

AUGUST 27, 2021

The five previously unreported vulnerabilities in the medical system are: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7) CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7) CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2)

Hacking

Hacking Authentication Internet Internet

Cyber Security Roundup for February 2021

Security Boulevard

FEBRUARY 1, 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, January 2021. Cyber Security Careers Advice. I also updated the Cyber Security Careers Advice page on The IT Security Expert website. Stay safe and secure.

Artificial Intelligence

Artificial Intelligence Ransomware Education Cybersecurity

Four zero-days in Microsoft Exchange actively exploited in the wild

Security Affairs

MARCH 2, 2021

Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Patches available now, action required to apply* Full remote code execution, without authentication. link] — Kevin Beaumont (@GossiTheDog) March 2, 2021. ” state Microsoft.

Authentication

Authentication Internet Internet Hacking

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

Security Affairs

JUNE 25, 2021

Fortinet has recently addressed a high-severity vulnerability ( CVE-2021-22123 ) affecting its FortiWeb web application firewall (WAF), a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page. ” reads the advisory published by the vendor.

Hacking

Hacking Firewall Authentication Technology

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. score of 7,5.

Firmware

Firmware Wireless Passwords Internet

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Just yesterday, only two days after the publication, our home security solution, Secure Home , detected attempts to exploit these vulnerabilities to spread a variant of a Mirai malware.” As of August 18th, we have identified attempts to exploit CVE-2021-35395 in the wild.” ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

Waiting for the fixes, Atlassian urges customers to restrict Confluence Server and Data Center instances from the internet or consider disabling Confluence Server and Data Center instances. The attackers targeted two Internet-facing web servers that were running Atlassian Confluence Server software. .”

Internet

Internet Internet Authentication Hacking

Flaws in the BIND software expose DNS servers to attacks

Security Affairs

MAY 1, 2021

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The most serious vulnerability, tracked as CVE-2021-25216 , is a buffer overflow issue that can lead to a server crash and under specific conditions to remote code execution. S1 -> 9.11.29-S1

DNS

DNS Software Internet Internet

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Two Factor Authentication is a must.

VPN

VPN Passwords Internet Internet

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Two Factor Authentication is a must.

VPN

VPN Passwords Internet Internet

Announcing the winners of the 2020 GCP VRP Prize

Google Security

MARCH 17, 2021

Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large.

Engineering

Engineering Authentication Accountability Internet

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” The CVE-2023-30799 flaw can be exploited by a remote and an authenticated attacker to escalate privileges from admin to ‘super-admin’ which allows it to get a root shell on the router.

Hacking

Hacking Passwords Authentication Encryption

A server of the Jenkins project hacked by exploiting a Confluence flaw

Security Affairs

SEPTEMBER 7, 2021

The attackers breached a deprecated Confluence service used by the organization exploiting the Confluence CVE-2021-26084 vulnerability. In response to the incident, the Jenkins team took the affected server offline and launched an investigation into the security incident. Cyber Command (@US_CYBERCOM) September 3, 2021.

Hacking

Hacking Cryptocurrency Authentication Internet

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

Security Affairs

DECEMBER 15, 2021

Threat actors are using a malicious Internet Information Services (IIS) Server module, dubbed Owowa, to steal Microsoft Exchange credentials. Once a user has successfully authenticated on the OWA authentication web page, the Owawa module captures its credential. “Owowa is a C#-developed.NET v4.0

Encryption

Encryption Authentication Passwords Internet

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Security Affairs

AUGUST 26, 2021

The experts from the DIVD privately reported two flaws to Kaseya in early July, the issues are respectively an authenticated remote code execution vulnerability and a privilege escalation flaw that could allow an attacker to change his role from read-only user to admin. On 12 August 2021 Kaseya released version 10.5.5-2

Backups

Backups Authentication Financial Services Firewall

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. ” reads the description for the CVE-2021-41653 flaw. TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware

Firmware Architecture Malware Hacking

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. “The reads the post published by The Record website. Pierluigi Paganini.

Ransomware

Ransomware Encryption Authentication Internet

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

The CVE-2020-26919 resides in the switch internal management web application in firmware versions prior to 2.6.0.43, it could be exploited by unauthenticated attackers to bypass authentication and execute actions with administrator privileges. NCC Group was informed that there are no future plans to fix the other issues.

Firmware

Firmware Authentication Hacking Software

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. ” states the analysis published by Bishop Fox.

Firewall

Firewall VPN Firmware Internet

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Security Affairs

JULY 27, 2021

Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. DIVD discovered the flaws on July 2nd, 2021, and reported them to the software vendor on July 3rd.

Backups

Backups Financial Services Internet Internet

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Kaspersky’s own research found that as of 2021 91% of global medical providers had implemented telehealth capabilities. Now, more than two years since the start of the pandemic, some of the homebrew telehealth projects have since grown and become more stable and secure. In 2021, the situation did not improve.

Phishing

Phishing Healthcare IoT Authentication

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Nearly all CMS platforms, whether traditional or headless, offer some level of built-in security to authenticate users who are allowed to view, add, remove, or change content. Best security practices. According to the IBM Data Breach Report 2021 , data breaches in the United States reached $4.24 What can you do about it?

Data breaches

Data breaches Encryption Mobile Technology

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

However, based on analysis by Ivanti, we suspect some intrusions were due to the exploitation of previously disclosed Pulse Secure vulnerabilities from 2019 and 2020 while other intrusions were due to the exploitation of CVE-2021-22893.” “A vulnerability was discovered under Pulse Connect Secure (PCS). .

VPN

VPN Hacking Authentication Government

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

SEPTEMBER 12, 2021

After that, the malware creates persistence, disables Internet Explorer security settings to facilitate the download of the 2nd stage from the Internet. The 1st stage creates persistence on the infected machine, disables Internet Explorer security settings and accepted extensions to facilitate the download of the 2nd stage.

Banking

Banking Malware Internet Internet

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. The CVE-2021-3711 is a high-severity buffer overflow flaw that could allow an attacker to change an application’s behavior or cause the app to crash. Important Ongoing DSM 6.2

VPN

VPN Encryption Authentication Hacking

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

The dangers of “connected” healthcare: predictions for 2022

SecureList

NOVEMBER 23, 2021

Part of our predictions last year were based on the assumption that in 2021, the pandemic will continue for at least a few months and, because this assumption turned out to be accurate, so did many of our predictions. As we predicted, there was a significant increase in the number and size of medical data leaks. Predictions for the year 2022.

Healthcare

Healthcare Ransomware Cybercrime Scams

The Consumer Authentication Strength Maturity Model (CASMM)

Top 10 web application vulnerabilities in 2021–2023

Webinars

Trending Sources

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Webinars

Announcing the winners of the 2021 GCP VRP Prize

Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

AT&T confirmed that a data breach impacted 73 million customers

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Venafi Wins 2021 CyberSecurity Breakthrough Awards

AT&T states that the data breach impacted 51 million former and current customers

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

3.5m IP cameras exposed, with US in the lead

PoC exploit for 2 flaws in Dahua cameras leaked online

7 Top Tips for Accelerating your IoT Projects in 2021

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

B. Braun Infusomat pumps could be hacked to alter medication doses

Cyber Security Roundup for February 2021

Four zero-days in Microsoft Exchange actively exploited in the wild

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Realtek SDK flaws exploited to deliver Mirai bot variant

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Flaws in the BIND software expose DNS servers to attacks

Your Guide to Hacker Summer Camp 2021

Your Guide to Hacker Summer Camp 2021

Announcing the winners of the 2020 GCP VRP Prize

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

A server of the Jenkins project hacked by exploiting a Confluence flaw

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Emsisoft releases free SynAck ransomware decryptor

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

China-linked threat actors have breached telcos and network service providers

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Telehealth: A New Frontier in Medicine—and Security

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

The new maxtrilha trojan is being disseminated and targeting several banks

Some Synology products impacted by recently disclosed OpenSSL flaws

FBI warns of ransomware attacks targeting the food and agriculture sector

The dangers of “connected” healthcare: predictions for 2022

Stay Connected