The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. about the role of advanced wearable authentication devices, going forward.

Mobile 238

Mobile Cloud Migration Penetration Testing Authentication 238

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk 279

Risk VPN Internet Internet 279

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). million customers.

Hacking 259

Hacking Government Identity Theft Accountability 259

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile 211

Mobile Cloud Migration Penetration Testing Authentication 211

Security Affairs

FEBRUARY 26, 2025

The two vulnerabilities are: CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability The first vulnerability, CVE-2023-34192 (CVSS score: 9.0), is a cross-site scripting (XSS) issue in Synacor ZCS.

Authentication 103

Authentication Hacking Cybersecurity Risk 103

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. High-risk vulnerabilities can cause errors in applications and affect customers’ business. SQL Injection 3.

Passwords 140

Passwords Authentication Architecture Risk 140

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. In January 2023, CircleCI was breached. The increasing prevalence of code and services means that software- and code-related risks will not dissipate any time soon.

Authentication 222

Authentication CISO Software Passwords 222

SecureWorld News

FEBRUARY 13, 2025

According to a 2023 study by Sumsub , deepfake fraud attempts increased by 704% between 2022 and 2023. Key risks posed by deepfakes Deepfake attacks can be broadly classified into three categories. Deepfakes undermine these security measures by generating highly realistic digital forgeries, bypassing authentication processes.

Social Engineering 85

Social Engineering Authentication Identity Theft Engineering 85

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 138

Authentication Ransomware VPN Hacking 138

The Last Watchdog

SEPTEMBER 24, 2024

The breach was initially caused by a third-party malicious actor who infiltrated NPD’s systems in December 2023. This drives public awareness of the risks associated with identity theft. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Digital Shadows

MARCH 17, 2025

While it had dropped out of the top 15 by 2023, it remains on CISAs list of routinely exploited vulnerabilities, showcasing its enduring appeal to threat actors. Whether driven by concerns over downtime or simply underestimating the risk of older vulnerabilities, this lack of urgency leaves systems exposed to attack. Rated CVSS 9.8,

VPN 133

VPN Authentication Ransomware Risk 133

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The group has been observed leaking stolen data, potentially putting individuals and businesses at risk. The third-party vendor breached in the attack was not identified.

Data breaches 117

Data breaches Identity Theft Education Software 117

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication 136

Authentication VPN Hacking Government 136

SecureList

MAY 6, 2024

Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommendations to effectively mitigate risks and enhance security posture. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million detections compared to 5.04

Phishing 134

Phishing Banking Mobile Scams 134

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 131

Ransomware Authentication Passwords Government 131

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

eSecurity Planet

DECEMBER 7, 2022

But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection. There are many issues like API security, authentication, data residency, privacy and compliance. An area that Kakran is bullish on for 2023 is Kubernetes security and observability.

Cybersecurity 145

Cybersecurity Risk Technology Ransomware 145

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication 134

Authentication VPN Hacking Government 134

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 143

Software Accountability Authentication Internet 143

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication 124

Authentication Passwords Malware Accountability 124

Security Affairs

MAY 2, 2025

An attacker can exploit the flaw to map URLs to file system locations that are permitted to be served by the server CVE-2023-44221 (CVSS score: 7.2) A remote authenticated attacker with administrative privilege can exploit the flaw to inject arbitrary commands as a nobody user, potentially leading to OS Command Injection Vulnerability.

Firmware 71

Firmware Authentication VPN Mobile 71

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). c) of the SEC Rule, due to potential risks to national security and/or public safety. In a regulatory filing with the U.S.

Data breaches 347

Data breaches Passwords Authentication Accountability 347

Jane Frankland

NOVEMBER 20, 2023

My Predictions for Cybersecurity in 2023 were… Technology enables opportunities as fast as it introduces threats. Here are my predictions for 2023. By swapping implicit trust for identity-and context-based risk appropriate trust (users, devices, and services), companies will realise greater safeguards. Types of attacks.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130

Security Boulevard

DECEMBER 30, 2024

In December 2023, as cyberattacks surged, the U.S. Securities and Exchange Commission adopted new cybersecurity disclosure rules in July 2023, which took effect in September 2023, with compliance required by December 2023. Securities and Exchange Commission (SEC)began enforcing new cybersecurity disclosure rules.

Cybersecurity 85

Cybersecurity Cyber Risk CISO Risk 85

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. Here are the topics that I think will be top of mind in 2023, and what CISOs can do to prepare. CISO in the firing line. Third party dependency.

CISO 142

CISO Insurance Cyber Insurance Phishing 142

The Last Watchdog

MARCH 4, 2024

Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Strengthen authentication. Train staff regularly.

Social Engineering 213

Social Engineering Risk Cybersecurity Authentication 213

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 134

Authentication Passwords Accountability Social Engineering 134

CyberSecurity Insiders

DECEMBER 6, 2022

To avoid these risks, companies need to develop a culture of cybersecurity that will lead to sustainable behavioral change whether employees are in the office or not. 2 – The proliferation of attack vectors will put companies at risk. Companies should also provide clear channels for reporting suspicious incidents.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

SecureList

DECEMBER 9, 2024

This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. XZ backdoor to bypass SSH authentication What happened? This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. million systems worldwide.

Internet 111

Internet Internet Risk Social Engineering 111

eSecurity Planet

OCTOBER 11, 2023

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 109

DDOS Engineering Authentication Social Engineering 109

Krebs on Security

AUGUST 25, 2023

19, 2023, someone targeted a T-Mobile phone number belonging to a Kroll employee “in a highly sophisticated ‘SIM swapping’ attack.” Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. And there is some indication this is already happening.

Mobile 244

Mobile Cyber Risk Cryptocurrency Data breaches 244

The Last Watchdog

FEBRUARY 20, 2024

billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 Authentication and authorization vulnerabilities: Weak authentication methods and compromised access tokens can provide unauthorized access. This helps them improve their performance over time by gaining data from interactions. per interaction.

Cybersecurity 273

Cybersecurity Penetration Testing Authentication Social Engineering 273

Security Boulevard

APRIL 18, 2023

With the COVID-19 pandemic leading to a surge in remote work over the past several years, the risk of phishing attacks has only increased. Additionally, sophisticated adversary-in-Middle (AiTM) attacks are helping attackers bypass multi-factor authentication (MFA security measures). The post 2023 Phishing Report Reveals 47.2%

Phishing 122

Phishing Social Engineering Education Retail 122

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. Affecting "nearly all AT&T cellular customers," the company said at the time that the data included phone numbers and certain phone call data stemming from May 1, 2022, to October 31, 2022, and on January 2, 2023.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 112

Software Ransomware Education Firmware 112