2023, Authentication and System Administration

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. ” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network.

Social Engineering

Social Engineering System Administration Authentication Internet

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The second vulnerability, tracked CVE-2025-26466 (CVSS score: 5.9), affects both the OpenSSH client and server, allowing a pre-authentication denial-of-service attack. Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure.

Authentication

Authentication System Administration DNS Hacking

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords

Passwords Authentication Architecture Risk

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Okta is a widely used authentication services provider, and it is safe to assume that a hacker controlling their network would be able to infect any of their customers. The next WannaCry.

Firmware

Firmware Surveillance Mobile Telecommunications

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN

VPN Authentication Mobile Firewall

Exploits and vulnerabilities in Q4 2024

SecureList

FEBRUARY 26, 2025

Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism. lower than in 2023.

Software

Software Authentication System Administration Malware

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

XZ backdoor to bypass SSH authentication What happened? User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider.

Internet

Internet Internet Risk Social Engineering

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. It supports integrations with multiple authentication providers including Thales’ SafeNet Trusted Access , Okta and Keycloak.

Ransomware

Ransomware Encryption Authentication System Administration

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

JULY 15, 2024

However, exploitation requires authentication and specific configurations. Always keep systems up to date and reduce unnecessary service exposure. Avoid unauthorized access by employing stronger authentication methods for your systems via access management tools. The problem: CVE-2023-27532 (CVSS score: 7.5)

Authentication

Authentication Backups Software Risk

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

Least privilege access is at its core, requiring every single connection within a network to be authenticated and authorized before they are granted access to a system. PAM is the utility that verifies the permissions for administrative users according to these policies. This relies on governance policies for authorization.

Software

Software Accountability Government Passwords

Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes

eSecurity Planet

MAY 27, 2024

GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues. If your system is already exposed to a DDoS attack, explore our guidelines on how to perform DDoS attack prevention in three stages. This affected system administrators worldwide. 3.11.10, 3.10.12, and 3.9.15.

Backups

Backups Authentication DDOS Engineering

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI.

VPN

VPN Authentication Firmware Phishing

How to Meet Phishing-Resistant MFA

Thales Cloud Protection & Licensing

JULY 31, 2023

How to Meet Phishing-Resistant MFA madhav Tue, 08/01/2023 - 05:18 Incorporating multi-factor authentication (MFA) as a fundamental security measure for your organization is now considered standard practice. MFA bombing or MFA fatigue attacks demonstrate the limitations of simple two-factor or multi-factor authentication.

Phishing

Phishing Authentication Mobile Marketing

Cyber Security Informer

Microsoft Patch Tuesday, June 2023 Edition

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Trending Sources

Top 10 web application vulnerabilities in 2021–2023

Advanced threat predictions for 2023

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Exploits and vulnerabilities in Q4 2024

Story of the Year: global IT outages and supply chain attacks

Ransomware – Stop’em Before They Wreak Havoc

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

Best Privileged Access Management (PAM) Software for 2022

Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

How to Meet Phishing-Resistant MFA

Stay Connected