Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile 89

Mobile Cryptocurrency Authentication Accountability 89

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.

Firmware 77

Firmware Authentication Passwords Hacking 77

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 126

Ransomware Firmware Antivirus Accountability 126

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. ” the source told 9to5Mac.

Data breaches 93

Data breaches Accountability Media Hacking 93

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication 138

Authentication Passwords Hacking Accountability 138

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 112

Accountability Authentication Passwords Data breaches 112

Security Affairs

JANUARY 12, 2024

In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). in the Apache OfBiz.

Authentication 124

Authentication Software Passwords Hacking 124

CyberSecurity Insiders

MAY 22, 2021

NEW YORK–( BUSINESS WIRE )– Veridium , a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. “We For more information, please visit www.veridiumid.com.

InfoSec 52

InfoSec B2C B2B Authentication 52

CyberSecurity Insiders

OCTOBER 1, 2021

SALT LAKE CITY–( BUSINESS WIRE )– Venafi , the inventor and leading provider of machine identity management, today announced that the company’s Trust Protection Platform won the “Identity Management Platform of the Year” award in the 2021 CyberSecurity Breakthrough Awards. For more information, visit: www.venafi.com.

Cybersecurity 52

Cybersecurity Digital transformation IoT Marketing 52

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security 116

Network Security Authentication Firmware Passwords 116

CyberSecurity Insiders

MARCH 25, 2021

This is why it is essential to your device performance to make sure any endpoints include flexible, secure, default-settings and, in particular, optional mechanisms like password complexity, password expiration, and account lock-out, which forces users to modify the default credentials when setting up the device.

IoT 100

IoT Authentication Passwords Data collection 100

Security Affairs

JULY 26, 2021

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. are most exposed.

Authentication 118

Authentication Passwords Encryption Hacking 118

Security Affairs

JULY 26, 2023

A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” The CVE-2023-30799 flaw can be exploited by a remote and an authenticated attacker to escalate privileges from admin to ‘super-admin’ which allows it to get a root shell on the router.

Hacking 93

Hacking Passwords Authentication Encryption 93

Security Affairs

DECEMBER 28, 2021

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” reads the warnings. — Valcrist (@Valcristerra) December 28, 2021.

Password Management 104

Password Management Passwords Accountability Authentication 104

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Firmware 122

Firmware Encryption Authentication Passwords 122

Security Affairs

JULY 17, 2021

The flaws were discovered by Cisco Talos researchers, the first one tracked as CVE-2021-21818 is hard-coded password vulnerability in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03, while the second one is a hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

Firmware 117

Firmware Wireless Passwords Internet 117

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. The number of internet-facing cameras in the world is growing exponentially. Original post at [link].

Surveillance 126

Surveillance Manufacturing Passwords Internet 126

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 114

Cryptocurrency Data breaches Authentication Accountability 114

Security Affairs

NOVEMBER 10, 2022

The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files. Then we changed the SSH configuration file to enable root to connect using password. ” concludes the advisory.

Firmware 128

Firmware Authentication Passwords Manufacturing 128

Security Affairs

JULY 22, 2021

Oracle released its Critical Patch Update for July 2021 , it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. and 11.2.5.0.

Authentication 128

Authentication Passwords Hacking Technology 128

Security Affairs

OCTOBER 11, 2021

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Threat actors are launching extensive password spraying attacks aimed at the target organizations, the malicious campaign was first spotted in July 2021.

Technology 86

Technology Passwords Accountability Authentication 86

Security Affairs

JANUARY 18, 2021

“Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum ( [link] ) was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” If users use Github login/OAuth key, they should reset/refresh it.

Hacking 129

Hacking Data breaches Passwords Accountability 129

Security Affairs

NOVEMBER 4, 2021

Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The Telnet service is not enabled by default and the issue could be exploited only on devices configured to allow Telnet connections.

Authentication 143

Authentication Passwords Accountability Hacking 143

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 94

Telecommunications Authentication Passwords Accountability 94

Security Affairs

SEPTEMBER 3, 2021

.” The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. Implement network segmentation.

Ransomware 95

Ransomware Passwords Backups Firmware 95

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 One file is designed to intercept certificate-based multi-factor authentication.

Malware 129

Malware VPN Authentication Hacking 129

Security Affairs

DECEMBER 15, 2021

Once a user has successfully authenticated on the OWA authentication web page, the Owawa module captures its credential. The module was most likely compiled between late 2020 and April 2021. The module verifies the successful authentication by checking that the OWA application is sending an authentication token back to the user.

Encryption 100

Encryption Authentication Passwords Internet 100

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Media 97

Media Ransomware Identity Theft Insurance 97

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Two Factor Authentication is a must.

VPN 52

VPN Passwords Internet Internet 52

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Two Factor Authentication is a must.

VPN 52

VPN Passwords Internet Internet 52

Security Affairs

SEPTEMBER 6, 2021

Netgear has addressed three vulnerabilities tracked by the vendor as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145 that received a CVSS score between 7.4 — Gynvael Coldwind (@gynvael) September 6, 2021. The researcher also published a PoC code that changes the password to “AlaMaKota1234.”

Firmware 102

Firmware Authentication Passwords Hacking 102

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware 137

Ransomware Passwords VPN Authentication 137

Security Affairs

AUGUST 31, 2022

According to the company, the attackers stole a 2021 database from its infrastructure and also shared a samples online to demonstrate the authenticity of the claims. The company added that browsing history or passwords were not included in the stolen database. millions of its users. “As follows from the leak, 24.6

Data breaches 80

Data breaches Passwords Banking Media 80

Security Affairs

MARCH 2, 2021

Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Patches available now, action required to apply* Full remote code execution, without authentication. link] — Kevin Beaumont (@GossiTheDog) March 2, 2021.

Authentication 99

Authentication Internet Internet Hacking 99

Security Affairs

JANUARY 14, 2021

This week Cisco released security updates to address 67 high-severity vulnerabilities, including issues affecting Cisco’s AnyConnect Secure Mobility Client and small business routers (i.e. out of 10, could be exploited by a remote authenticated attacker to change the password for any account user on affected systems.

Software 80

Software Small Business Mobile Authentication 80

CyberSecurity Insiders

MARCH 28, 2023

Understanding the FTC Safeguards Rule The FTC Safeguards Rule is a set of regulations that require covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. Implementation of multi-factor authentication.

Data breaches 125

Data breaches Authentication Risk Phishing 125

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account.

Accountability 91

Accountability Passwords Authentication Firmware 91