Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition.

Hacking 122

Hacking Authentication Information Security 122

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 94

Authentication Cybersecurity Risk Information Security 94

Security Affairs

DECEMBER 15, 2022

Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. The CVE-2022-37958 was originally classified as an information disclosure vulnerability that impacts the SPNEGO Extended Negotiation ( NEGOEX ) security mechanism.

Authentication 99

Authentication Internet Internet Hacking 99

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online.

Authentication 129

Authentication Firewall Hacking Risk 129

Security Affairs

SEPTEMBER 8, 2022

The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) The CVE-2022-28199 flaw stems from a lack of proper error handling in DPDK’s network stack. Cisco also addressed a medium severity issue, tracked as CVE-2022-20863 (CVSS score: 4.3), in Cisco Webex Meetings App.

Authentication 132

Authentication Small Business Software Firewall 132

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022. Pierluigi Paganini.

VPN 92

VPN Internet Internet Authentication 92

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. Pierluigi Paganini.

Authentication 95

Authentication VPN Phishing Hacking 95

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier. MR3 (18.5.3)

Firewall 81

Firewall Authentication VPN Hacking 81

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

AUGUST 10, 2022

VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656 , in multiple products. Pierluigi Paganini.

Authentication 100

Authentication Hacking Information Security 100

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited by an unauthenticated attacker to force a domain controller to authenticate against another server using NTLM. “An SecurityAffairs – hacking, CVE-2022-26925).

Authentication 87

Authentication Risk Hacking Accountability 87

Security Affairs

OCTOBER 14, 2022

Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) SecurityAffairs – hacking, CVE-2022-40684).

Authentication 113

Authentication Firewall Hacking Risk 113

Security Affairs

MAY 23, 2024

Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Authentication 92

Authentication Hacking Information Security 92

Security Affairs

APRIL 24, 2022

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540 , that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication.

Authentication 75

Authentication Software Hacking Risk 75

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 92

Hacking Firmware Authentication DNS 92

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. SecurityAffairs – hacking, authentication bypass).

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

AUGUST 3, 2023

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.

Authentication 78

Authentication VPN Internet Internet 78

Security Affairs

NOVEMBER 23, 2022

Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. ” continues the advisory.

Authentication 99

Authentication Encryption Hacking Accountability 99

Security Affairs

FEBRUARY 3, 2023

Atlassian has released security updates to address a critical vulnerability in Jira Service Management Server and Data Center, tracked as CVE-2023-22501 (CVSS score: 9.4), that could be exploited by an attacker to impersonate another user and gain unauthorized access to other Jira Service Management instances under certain circumstances.

Authentication 85

Authentication Software Hacking Accountability 85

Security Affairs

MARCH 11, 2022

Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. OpRussia [link] — Anonymous TV (@YourAnonTV) March 10, 2022. com/wiki/Roskomnadzor — Anonymous TV (@YourAnonTV) March 10, 2022. ddosecrets[.]com/wiki/Roskomnadzor

Hacking 108

Hacking Media Authentication Technology 108

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022.

Hacking 143

Hacking Government Banking Media 143

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the same period in 2022, 50 such incidents were recorded.

Hacking 103

Hacking Engineering Manufacturing Government 103

Security Affairs

MAY 10, 2022

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. To nominate, please visit:? Pierluigi Paganini.

Authentication 107

Authentication Hacking Software Cybersecurity 107

Security Affairs

NOVEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Data breaches 108

Data breaches Hacking Healthcare Social Engineering 108

Security Affairs

JANUARY 18, 2023

The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. CVE-2022-4874 – Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content.

Hacking 82

Hacking Authentication Software Internet 82

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. had successfully authenticated using multi-factor authentication.”

Hacking 92

Hacking Password Management Passwords Authentication 92

Security Affairs

JUNE 29, 2022

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. 2 -1 14 CWE-287 Improper Authentication 6.35

Software 96

Software Authentication Education Hacking 96

Security Affairs

JULY 25, 2022

The now patched vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hardcoded cryptographic key tracked as CVE-2022-34906. A remote attacker can trigger the vulnerabilities to bypass authentication and gain full control over the MDM platform and its managed devices. x, prior to 14.7.2.

Hacking 87

Hacking Authentication Internet Internet 87

Security Affairs

JANUARY 31, 2023

Horizon3 security researchers released proof-of-concept (PoC) code for VMware vRealize Log Insight RCE vulnerability CVE-2022-31706. Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10).

Engineering 84

Engineering Authentication Hacking Information Security 84

Security Affairs

JUNE 16, 2022

Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. SecurityAffairs – hacking, Cisco ESA).

Authentication 84

Authentication Hacking Software Cybersecurity 84

SecureWorld News

FEBRUARY 23, 2023

It reported that hackers gained access to Activision's network by successfully phishing a privileged user on the network on December 4, 2022. vx-underground also reported that a hacker managed to break into an Activision Slack channel, post offensive messages, and steal information related to upcoming "Call of Duty" releases.

Hacking 77

Hacking Phishing Data breaches Information Security 77

Security Affairs

AUGUST 10, 2022

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” cybersecurity #infosec #ransomware pic.twitter.com/kwrfjbwbkT — CyberKnow (@Cyberknow20) August 10, 2022. Pierluigi Paganini.

Ransomware 122

Ransomware Hacking VPN Phishing 122

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 SecurityAffairs – hacking, CVE-2022-0030).

Firewall 145

Firewall Authentication Software Hacking 145

Security Affairs

FEBRUARY 14, 2022

Adobe addressed a critical vulnerability ( CVE-2022-24086 ) impacting Magento Open Source products that is being actively exploited in the wild. “Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.” The CVE-2022-24086 has received a CVSS score of 9.8

eCommerce 84

eCommerce Malware Authentication Hacking 84

Security Affairs

FEBRUARY 18, 2022

Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe?Commerce Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. The CVE-2022-24086 has received a CVSS score of 9.8

Authentication 87

Authentication Hacking Technology Cybersecurity 87

Security Affairs

JANUARY 17, 2022

The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. SecurityAffairs – hacking, CPU).

Big data 98

Big data Financial Services Retail Insurance 98

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” “MikroTik RouterOS stable before 6.49.7

Hacking 91

Hacking Passwords Authentication Encryption 91