Malwarebytes

NOVEMBER 7, 2023

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. Enable two-factor authentication (2FA).

Accountability 122

Accountability Passwords Data breaches Phishing 122

Heimadal Security

DECEMBER 20, 2022

GitHub recently announced that it will require all users who contribute with code on the platform to enable two-factor authentification over the course of 2023. Two-factor authentication (2FA) makes accounts safer by adding an extra step that requires entering a one-time code during the login process.

Accountability 130

Accountability Authentication Cybersecurity 130

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 126

Internet Internet Software Accountability 126

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 107

Social Engineering Authentication Engineering Accountability 107

Bleeping Computer

OCTOBER 25, 2023

A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. [.]

Accountability 121

Accountability Authentication 121

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Accountability 105

Accountability Government Phishing Authentication 105

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts. Get a free trial below.

Authentication 124

Authentication Passwords Social Engineering Accountability 124

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 120

Software Accountability Authentication Internet 120

Duo's Security Blog

NOVEMBER 10, 2023

10 and over 250 reviews, Duo is honored to share that we won the 2023 TrustRadius Top Rated Award for Authentication. Duo’s Multi-Factor Authentication solution combines multiple authentication factors to provide simple ways to protect users. With a score of 9.3/10 My only issue is that we did not do it sooner.

Authentication 104

Authentication Education Accountability Technology 104

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Cybercrime 286

Cybercrime Passwords Authentication Malware 286

The Hacker News

JUNE 21, 2023

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.

Accountability 93

Accountability Authentication 93

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability 120

Accountability Data collection Cyber threats Cybersecurity 120

eSecurity Planet

OCTOBER 30, 2023

See the Top Patch and Vulnerability Management tools October 23, 2023 Citrix NetScaler Vulnerability Under Active Attack Type of attack: Active exploitation of the high-risk Sensitive Information Disclosure vulnerability ( CVE-2023-4966 ) disclosed on October 10, 2023 and now known as Citrix Bleed.

Authentication 93

Authentication Mobile Accountability Software 93

Bleeping Computer

MAY 4, 2022

GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA) on their accounts by the end of 2023. [.].

Authentication 122

Authentication Accountability 122

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 94

Authentication Phishing Mobile Accountability 94

Security Affairs

MARCH 26, 2023

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. reads the advisory published by Microsoft.

Authentication 92

Authentication Accountability Cyber Attacks Hacking 92

Bleeping Computer

DECEMBER 15, 2022

GitHub will require all users who contribute code on the platform to enable two-factor authentication (2FA) as an additional protection measure on their accounts by the end of 2023. [.].

Authentication 98

Authentication Accountability 98

Google Security

MAY 2, 2024

Sriram Karra and Christiaan Brand, Google product managers Last year, Google launched passkey support for Google Accounts. Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. This post will seek to clarify these topics.

Accountability 60

Accountability Passwords Authentication Password Management 60

Security Affairs

FEBRUARY 18, 2023

Twitter has announced that the platform will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers. To date, Twitter has offered three methods of 2FA : text message, authentication app, and security key. “At that time, accounts with text message 2FA still enabled will have it disabled.

Authentication 94

Authentication Accountability Media Hacking 94

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 111

Internet Internet Accountability Passwords 111

eSecurity Planet

SEPTEMBER 5, 2023

August 28, 2023 Ransomware Group Exploits Citrix NetScaler Vulnerability In July, Citrix released a patch for a critical remote code execution vulnerability ( CVE-2023-3519 ), which affected the company’s NetScaler ADC and NetScaler Gateway products and carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale.

VPN 95

VPN Authentication Ransomware Antivirus 95

Security Affairs

MARCH 29, 2023

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. Attack Flow: 1. Victims visit the legitimate link.

Accountability 83

Accountability Authentication Hacking Information Security 83

Malwarebytes

DECEMBER 28, 2023

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. A team of hackers can, say, boost their own info-stealing websites through Google search results, providing a veneer of authenticity to their malicious intent. Topical scams, on the other hand, are simpler. The money’s crazy.”

Scams 87

Scams Accountability Social Engineering Small Business 87

The Hacker News

JUNE 29, 2023

Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023

Accountability 97

Accountability Authentication 97

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Education 83

Education Media Authentication Passwords 83

CyberSecurity Insiders

APRIL 10, 2023

Why is identity management and security important in 2023? “In These attacks have become more complex and challenging to detect, leading to increased instances of data breaches, account takeovers, and impersonation attacks. The post IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros appeared first on Cybersecurity Insiders.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Malwarebytes

JULY 27, 2023

All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by August 15, 2023 to protect their networks against active threats. Ivanti has made a patch available for supported version 11.4 releases 11.10, 11.9 and recommends that you immediately take action to ensure you are fully protected.

Mobile 87

Mobile Authentication Government Software 87

Malwarebytes

SEPTEMBER 13, 2023

They can do this becasue alongside the password vaults that were stolen, criminals also made off with customers' email addresses, as well as " basic customer account information", company names, end-user names, billing addresses, telephone numbers, and IP addresses. For us, data security is paramount. Don't take things at face value.

Phishing 138

Phishing Accountability Passwords Password Management 138

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” running on OLED55A23LA Below is the disclosure timeline: November 01, 2023: Vendor disclosure November 15, 2023: Vendor confirms the vulnerabilities. ” reads the advisory.

Hacking 125

Hacking Internet Internet Authentication 125

CyberSecurity Insiders

DECEMBER 23, 2022

In 2023 we will see malicious actors increase the frequency of and escalate tactics and techniques around communication. Below are my top 5 predictions for Business Communication Compromise in 2023. This is a trend that will escalate in 2023.

Social Engineering 142

Social Engineering Phishing Risk Engineering 142

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN 85

VPN Authentication Mobile Firewall 85

CyberSecurity Insiders

DECEMBER 27, 2022

Google, the much-used search engine across the world, has disclosed some security steps to its Gmail users to stay cyber safe in the year 2023. Always keep your google account safe by going through the Security Checkup and Privacy Checkup pages once or twice in 3 months.

Accountability 109

Accountability Mobile Engineering Authentication 109

Malwarebytes

JULY 21, 2023

This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats. The actively exploited CVE patched in this update is CVE-2023-3519 a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability with a CVSS score of 9.8

Authentication 98

Authentication VPN Cybercrime Cybersecurity 98

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 89

Software Education Ransomware Firmware 89

Malwarebytes

JANUARY 25, 2023

The recent WhatsApp accounts takeover is simple and genius. A "hacker" tries to login to your account via WhatsApp. — Zuk (@ihackbanme) January 19, 2023 He explains that attackers can take advantage of two things: a user's availability and how identity verification works on WhatsApp. Here's how it works.

Accountability 98

Accountability Mobile Risk Authentication 98

Security Boulevard

JUNE 9, 2023

On 31-May-2023, Progress Software disclosed a critical vulnerability CVE-2023-34362 in the MOVEit application. This ASPX file stages an SQL database account to be used for further access. Once the malicious webshell is installed, it creates a random 36 characters long password which later is used for the authentication purpose.

Software 103

Software Internet Internet Authentication 103

eSecurity Planet

OCTOBER 9, 2023

This vulnerability, identified as CVE-2023-42793 , can give unauthenticated attackers remote code execution (RCE) abilities without requiring user input by exploiting an authentication bypass flaw. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Architecture 93

Architecture Ransomware Software Accountability 93