Penetration Testing

FEBRUARY 9, 2024

Dubbed CVE-2024-22394, this vulnerability exposes... The post CVE-2024-22394 Exposed: SonicWall SSL-VPN’s Authentication Flaw appeared first on Penetration Testing.

Authentication 82

Authentication Penetration Testing VPN 82

Penetration Testing

JANUARY 22, 2024

It’s a software platform that removes the hassle of moving data between different systems... The post CVE-2024-0204 (CVSS 9.8): Critical Authentication Bypass Flaw in GoAnywhere MFT appeared first on Penetration Testing.

Authentication 104

Authentication Penetration Testing Software 104

Security Boulevard

DECEMBER 7, 2023

The post Three Authentication Predictions for 2024 appeared first on Axiad. The post Three Authentication Predictions for 2024 appeared first on Security Boulevard. The Cybersecurity Threat Landscape in 2023 As the end of the year approaches, it’s a.

Authentication 57

Authentication Cybersecurity 57

Security Boulevard

JANUARY 23, 2024

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an […] The post CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive appeared first on Horizon3.ai.

Authentication 67

Authentication Social Engineering Engineering 67

Penetration Testing

FEBRUARY 27, 2024

A critical security vulnerability was recently discovered within the platform’s authentication system. This flaw (CVE-2024-1403) carries a CVSS score of 10 – the highest severity rating possible. Attention Progress OpenEdge users!

Penetration Testing 125

Penetration Testing Authentication 125

Penetration Testing

MARCH 13, 2024

These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Authentication Software 127

Penetration Testing

MARCH 29, 2024

A severe backdoor vulnerability (designated CVE-2024-3094) has been unearthed in versions 5.6.0 This vulnerability could allow attackers to bypass SSH authentication on certain Linux... The post CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing Authentication 112

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Software 116

Software Authentication Mobile Hacking 116

Penetration Testing

FEBRUARY 29, 2024

A high-severity security vulnerability (CVE-2024-1468, CVSS score 8.8) This vulnerability allows authenticated attackers with contributor-level permissions or higher to upload arbitrary... The post Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Authentication 111

Penetration Testing

FEBRUARY 20, 2024

VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP).

Penetration Testing 100

Penetration Testing Authentication 100

Security Affairs

MARCH 8, 2024

The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network. CVE-2024-21900 : an injection vulnerability could allow authenticated users to execute commands via a network. x QTS 5.1.3.2578 build 20231110 and later QTS 4.5.x

Authentication 113

Authentication Hacking Internet Internet 113

Penetration Testing

MARCH 28, 2024

Security researchers have uncovered a serious vulnerability in Okta Verify for Windows, a popular multifactor authentication (MFA) app. This flaw rated 7.1

Penetration Testing 116

Penetration Testing Authentication 116

Security Boulevard

JANUARY 24, 2024

On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability. The post CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now! appeared first on Horizon3.ai.

Authentication 62

Authentication 62

Penetration Testing

MARCH 18, 2024

Spring Security, a widely used framework for securing Java-based applications, has a serious vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive systems.

Penetration Testing 108

Penetration Testing Authentication 108

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) that could allow attackers to bypass authentication and gain unauthorized access to your organization’s most valuable secrets.

Penetration Testing 97

Penetration Testing Risk Authentication 97

Penetration Testing

MARCH 6, 2024

Akamai security researcher Tomer Peled recently unveiled the technical detail and proof-of-concept (PoC) for a vulnerability within Microsoft Themes (CVE-2024-21320). This vulnerability, with a CVSS score of 6.5,

Penetration Testing 107

Penetration Testing Authentication 107

Penetration Testing

JANUARY 25, 2024

GitLab has addressed a critical severity vulnerability that could allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

Penetration Testing 134

Penetration Testing Authentication 134

Security Affairs

APRIL 10, 2024

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability.

DNS 94

DNS Authentication Hacking 94

Security Boulevard

APRIL 7, 2024

Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. The post XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094) appeared first on Security Boulevard.

Cyber Attacks 70

Cyber Attacks Authentication DDOS 70

The Last Watchdog

DECEMBER 14, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, security teams will need to focus on developing automated tooling to shrink the range of issues that they need to address. Doug Dooley , COO, Data Theorem Dooley 2024 will be the year of full-stack visualization.

Cybersecurity 201

Cybersecurity Marketing Encryption CISO 201

Security Boulevard

MARCH 31, 2024

Overview NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed from the security community, with a CVSS score of 10. After […] The post XZ Utils Backdoor Vulnerability (CVE-2024-3094) Advisory appeared first on NSFOCUS, Inc.,

Cyber Attacks 62

Cyber Attacks Authentication 62

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Exploits are already available.

Authentication 118

Authentication Internet Internet Hacking 118

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. For more information about Exchange Server’s support for Extended Protection for Authentication(EPA), please see Configure Windows Extended Protection in Exchange Server.” Last week, the U.S.

Authentication 114

Authentication Internet Internet Ransomware 114

Security Boulevard

APRIL 4, 2024

Portland, Oregon, April 4th, 2024, CyberNewsWire Center Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses manage workforce digital identity. The benefits of this novel approach to digital identity management.

Authentication 67

Authentication Technology Cybersecurity 67

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 110

Firmware Authentication Engineering Hacking 110

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Two of the vulnerabilities, tracked as CVE-2024-21407 and CVE-2024-21408 , addressed by Microsoft are rated Critical, while the remaining 57 issues are rated Important in severity.

Internet 106

Internet Internet Authentication Hacking 106

Security Boulevard

APRIL 8, 2024

Securing our data’s authenticity has become quite the challenge in today’s era of smart living. One approach […] The post Cyber-Physical Systems Security Analysis Challenges and Solutions 2024 appeared first on Security Boulevard. Living in smart homes and cities has made life convenient.

IoT 73

IoT Internet Internet Authentication 73

Security Affairs

APRIL 10, 2024

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability.

DNS 72

DNS Authentication Hacking 72

Penetration Testing

FEBRUARY 20, 2024

A recently disclosed vulnerability in Spring Security (CVE-2024-22234, CVSS 7.4) could lead to unauthorized access within affected Java web applications.

Penetration Testing 83

Penetration Testing Authentication 83

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. We met at DigiCert Trust Summit 2023.

Encryption 278

Encryption Technology CISO IoT 278

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 107

Authentication Internet Internet Hacking 107

Bleeping Computer

OCTOBER 5, 2023

Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024. [.]

Accountability 122

Accountability Data breaches Authentication Technology 122

Penetration Testing

MARCH 8, 2024

The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk?

Penetration Testing 122

Penetration Testing Software Risk Authentication 122

Security Boulevard

JANUARY 17, 2024

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity Artificial Intelligence Threat Detection Data privacy 125

Malwarebytes

MARCH 13, 2024

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. The Hyper-V CVEs patched in this round of updates are: CVE-2024-21407 is a Windows Hyper-V Remote Code Execution (RCE) vulnerability with a CVSS score of 8.1 Another vulnerability worth mentioning is CVE-2024-21334 , which has a CVSS score of 9.8

Software 89

Software Authentication Internet Internet 89

LRQA Nettitude Labs

MARCH 13, 2024

CVE-2024-25153 , a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst , allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This, or valid credentials, is a requirement for exploiting CVE-2024-25153. This affects Fortra FileCatalyst Workflow 5.x,

Engineering 93

Engineering Risk Authentication 93