Security Affairs

MAY 12, 2023

What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information. At this point, the bad actor has access to the information they were after.

Phishing 88

Phishing Social Engineering Small Business B2B 88

Security Affairs

APRIL 24, 2023

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351 ) in attacks in the wild. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.

Authentication 94

Authentication Software Education Malware 94

Duo's Security Blog

JANUARY 23, 2024

Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues. WebAuthn is important. Duo Care can help.

Authentication 75

Authentication Accountability CISO Technology 75

Security Affairs

APRIL 21, 2023

One of the issues tracked as CVE-2023-20036 (CVSS score: 9.9) “A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device.” ” reads the advisory.

Authentication 90

Authentication Education Media Hacking 90

Security Affairs

APRIL 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability. CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability.

Education 90

Education Media Authentication Cybersecurity 90

Security Affairs

JANUARY 16, 2024

Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

VPN 85

VPN Authentication Small Business Telecommunications 85

Security Affairs

APRIL 5, 2023

.” The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs: Use of Hard-coded Credentials CWE-798 ( CVE-2023–1748 , CVSS3.0: Improper Input Validation CWE-20 ( CVE-2023–1751 , CVSS3.0:

Manufacturing 90

Manufacturing Media Firewall Education 90

Security Affairs

MAY 2, 2023

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. .

Authentication 98

Authentication Retail Surveillance Education 98

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 294

Banking Government Information Security Authentication 294

Security Affairs

MAY 9, 2023

Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers. The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability. ” reads a tweet published by the Microsoft Threat Intelligence team. .”

Software 90

Software Authentication Hacking Cybersecurity 90

Security Affairs

APRIL 13, 2023

Successful exploitation can lead to remote, unauthenticated access to Redis and MongoDB instances via crafted authentication requests. ” reads the advisory published by the vendor. The vulnerability affects FortiPresence 1.2 all versions, FortiPresence 1.1 all versions, and FortiPresence 1.0 all versions.

Authentication 81

Authentication Education Media Hacking 81

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. CISA orders federal agencies to fix this flaw by April 28, 2023.

Backups 80

Backups Spyware Ransomware Education 80

Security Affairs

AUGUST 3, 2023

The new vulnerability, tracked as CVE-2023-35082 (CVSS score: 10.0), can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 “In our testing of CVE-2023-35078, we had access to MobileIron Core version 11.2.0.0-31. and below). and prior. .”

Mobile 86

Mobile Authentication Internet Internet 86

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 93

Firmware Authentication Software Hacking 93

Security Affairs

FEBRUARY 2, 2024

The incident took place on Thanksgiving Day, November 23, 2023, and Cloudflare immediately began an investigation with the help of CrowdStrike. The company pointed out that no customer data or systems were impacted by this security breach. . ” reads the blog post published by the company.

Authentication 107

Authentication Hacking Accountability Information Security 107

Security Affairs

APRIL 26, 2023

The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote code execution. ” The CVE-2023-27524 flaw impacts versions up to and including 2.0.1. on April 5, 2023. ” reads the advisory.

Authentication 83

Authentication Education Media Internet 83

Security Affairs

MAY 25, 2023

Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 At the end April, Zyxel fixed a critical RCE flaw, tracked as CVE-2023-28771 (CVSS score 9.8), in its firewall devices and urged customers to install the patches.

Firewall 94

Firewall VPN Authentication Hacking 94

Security Affairs

MAY 4, 2023

Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone adapters. The company also warned that there are no workarounds for the CVE-2023-20126 vulnerability. The company product has reached end-of-life (EoL). ” continues the advisory.

Firmware 85

Firmware Education Media Authentication 85

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime 88

Cybercrime Malware Hacking Accountability 88

Security Affairs

APRIL 18, 2023

1/4 pic.twitter.com/7JjOSbYEBx — ESET Research (@ESETresearch) April 17, 2023 The RedLine is an info stealing malware written in.NET that is active since at least early 2020. The removal of these repositories should break authentication for panels currently in use.

Malware 86

Malware Education Media Authentication 86

Security Affairs

APRIL 3, 2023

’ The shared responsibility model allows application owners to add an authentication function by simply clicking a button. ” The experts discovered that other apps were impacted by the misconfiguration issue, including Mag News, Central Notification Service (CNS), Contact Center, PoliCheck, Power Automate Blog, and COSMOS.

Accountability 79

Accountability Education Media Authentication 79

Security Affairs

MAY 4, 2023

Cybersecurity researchers from VulnCheck have developed a new exploit for the recently disclosed critical flaw in PaperCut servers, tracked as CVE-2023-27350 (CVSS score: 9.8), that bypasses all current detections. The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability.

Education 92

Education Malware Software Cybersecurity 92

Security Affairs

APRIL 24, 2023

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability. ” The CVE-2023-27350 (CVSS score – 9.8)

Cybercrime 74

Cybercrime Software Education Ransomware 74

Security Affairs

MAY 5, 2023

Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) The flaw was discovered by Wilfried Djettchou of Fortinet Product Security team.

VPN 92

VPN Authentication Hacking Cybersecurity 92

Security Affairs

FEBRUARY 1, 2024

Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. The attackers were observed exploiting CVE-2023-46805 and CVE-2024-21887 to execute arbitrary commands on the unpatched Ivanti devices.

VPN 107

VPN Malware Authentication Hacking 107

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Attackers replaced binaries on compromised EdgeRouters with trojanized OpenSSH server binaries allowing remote attackers to bypass authentication.

Energy and Utilities 97

Energy and Utilities Government Firewall Malware 97

Security Affairs

MAY 6, 2023

Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. An authenticated attacker can exploit the flaw to achieve command execution, if targeting a logged-in cPanel user. ” reads the advisory. 11.102.0.31

Authentication 96

Authentication Hacking Engineering Cybersecurity 96

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. Pre-Requisites Passwordless uses passkeys and platform authenticators as one of the many ways to secure application access without passwords.

Passwords 79

Passwords Authentication Mobile CISO 79

Security Affairs

MAY 9, 2023

A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. “In the Linux kernel through 6.3.1,

Engineering 95

Engineering Authentication Hacking Cybersecurity 95

Security Affairs

MAY 8, 2023

MSI confirmed the security breach, it revealed that threat actors had access to some of its information service systems. The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom. Previously we already described the BG pkeys leak impact.

Data breaches 79

Data breaches Ransomware Firmware Manufacturing 79

Security Affairs

MAY 4, 2023

. “The method of implementation of the malicious plan, the IP addresses of the access subjects, as well as the fact of using a modified version of RoarBat testify to the similarity with the cyber attack on Ukrinform, information about which was published in the Telegram channel “CyberArmyofRussia_Reborn” on January 17, 2023.”

VPN 86

VPN Education Accountability Cyber Attacks 86

Security Affairs

APRIL 20, 2023

Wiz reported the flaws to the Alibaba Cloud in December 2022 and the company fixed them on April 12, 2023. “76% of organizations don’t enforce MFA [multi-factor authentication] for console users, while 58% of organizations don’t enforce MFA for root/admin users,” the cybersecurity firm said.

Accountability 70

Accountability Education Media Authentication 70

Security Affairs

APRIL 15, 2023

Exposed sensitive files On February 17, 2023, the Cybernews research team discovered public access to sensitive files hosted on dimasvolvo.com.br Volvo’s retailer exposed its database’s authentication information, including MySQL and Redis database hosts, open ports and credentials.

Retail 91

Retail Manufacturing Passwords Phishing 91

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services 77

Financial Services Data breaches Accountability Encryption 77

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023.

Data breaches 86

Data breaches Authentication Internet Internet 86

Security Affairs

JANUARY 29, 2023

CVE-2022-31711 – Information Disclosure Vulnerability (CVSS score 7.5) which can be exploited by a remote attacker to collect sensitive session and application information without authentication.

Engineering 85

Engineering Authentication Internet Internet 85

Security Affairs

APRIL 5, 2023

The STYX marketplace was launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance ‘lookups’, and more.

Banking 79

Banking Cybercrime Accountability Risk 79