Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 108

Authentication Cybersecurity Risk Information Security 108

LRQA Nettitude Labs

MARCH 13, 2024

CVE-2024-25153 , a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst , allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This, or valid credentials, is a requirement for exploiting CVE-2024-25153. This affects Fortra FileCatalyst Workflow 5.x,

Engineering 93

Engineering Risk Authentication 93

NopSec

FEBRUARY 28, 2024

February 2024 is off to a ripping start for security research. It turns out Ivanti is having a difficult time addressing a recent spate of critical vulnerabilities as last month’s patch resulted in the discovery of additional risk vectors. The attack chain is pretty interesting, but does require authenticated access.

Authentication 59

Authentication Accountability Passwords Risk 59

eSecurity Planet

FEBRUARY 5, 2024

Vendor risk management and collaboration within the industry further enhance your system’s resiliency. January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. Both affect J-Web and all Junos OS versions.

Risk 113

Risk Penetration Testing Authentication Software 113

Malwarebytes

MARCH 13, 2024

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. The Hyper-V CVEs patched in this round of updates are: CVE-2024-21407 is a Windows Hyper-V Remote Code Execution (RCE) vulnerability with a CVSS score of 8.1 Another vulnerability worth mentioning is CVE-2024-21334 , which has a CVSS score of 9.8

Software 87

Software Authentication Internet Internet 87

Malwarebytes

JANUARY 10, 2024

Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. The CVE IDs for the two critical vulnerabilities are: CVE-2024-20674 is a Windows Kerberos security feature bypass vulnerability with a CVSS score of 9.0 Google published the Android Security Bulletin for January 2024.

Authentication 74

Authentication Software Risk Cybersecurity 74

The Hacker News

FEBRUARY 20, 2024

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A

Risk 118

Risk Authentication 118

Security Boulevard

JANUARY 17, 2024

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity Artificial Intelligence Threat Detection Data privacy 125

Security Affairs

APRIL 28, 2024

Another severe issue is related to the presence of Hardcoded Docker Keys tracked as CVE-2024-29963 (CVSS score of 8.6). The patches were released in April 2024, 19 months after Brocade firstly rejected the vulnerabilities and 11 months after Brocade acknowledged the vulnerabilities. Brocade SANnav OVA before v2.3.1,

Firewall 110

Firewall Authentication Architecture Backups 110

Thales Cloud Protection & Licensing

MARCH 6, 2024

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action madhav Thu, 03/07/2024 - 04:56 APIs (Application Programming Interfaces) are the backbone of modern digital innovation. Identify and protect sensitive and high-risk APIs. Remember that API security is not a one-and-done solution.

Risk 87

Risk Financial Services Authentication DDOS 87

SecureWorld News

JANUARY 16, 2024

The clock is ticking for organizations worldwide as a maelstrom of cybersecurity compliance deadlines looms in 2024. March 29, 2024: California Privacy Rights Act enforcement begins Get ready, California! March 31, 2024: First compliance phase for PCI DSS v4.0 Hold onto your credit cards! The highly-anticipated PCI DSS v4.0

Cybersecurity 86

Cybersecurity Data privacy Data collection Penetration Testing 86

Penetration Testing

APRIL 18, 2024

Keycloak, a widely used open-source solution for authentication and authorization, has released important security updates addressing multiple vulnerabilities.

DDOS 113

DDOS Penetration Testing Risk Authentication 113

Duo's Security Blog

FEBRUARY 6, 2024

The 2024 Duo Trusted Access Report: Navigating Complexity , gives us a chance to use the topic of complexity as a backdrop to examine trends (existing and emerging) in both access management and identity. MFA usage continues to expand globally — The number of MFA authentications using Duo rose by 41% in the past year.

Authentication 66

Authentication Accountability Threat Detection Risk 66

Security Affairs

MARCH 20, 2024

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) reads the advisory published by JetBrains.

Malware 123

Malware Authentication Cryptocurrency Ransomware 123

Thales Cloud Protection & Licensing

FEBRUARY 7, 2024

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index madhav Thu, 02/08/2024 - 05:04 In today's rapidly evolving digital world, the balance between a seamless online experience and robust data security is more critical than ever.

Media 77

Media Passwords Authentication Digital transformation 77

Security Affairs

MARCH 9, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-27198 (CVSS Score 9.8) JetBrains TeamCity authentication bypass vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. CISA orders federal agencies to fix this vulnerability by March 28, 2024. reads the advisory published by JetBrains.

Authentication 121

Authentication Cybersecurity Risk Hacking 121

The Last Watchdog

NOVEMBER 28, 2023

28, 2023 – AppDirect , the world’s leading B2B subscription commerce platform, today released key findings from its IT Business Leaders 2024 Outlook Report. Their top areas of concern include cybersecurity risk (58%), information security risk (53%) and compliance risk (39%). San Francisco, Calif.,

Cyber Risk 113

Cyber Risk Risk B2B Social Engineering 113

Security Boulevard

MARCH 6, 2024

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action madhav Thu, 03/07/2024 - 04:56 APIs (Application Programming Interfaces) are the backbone of modern digital innovation. Identify and protect sensitive and high-risk APIs. Remember that API security is not a one-and-done solution.

Risk 62

Risk Financial Services Authentication DDOS 62

BH Consulting

MARCH 21, 2024

Creeping cyber risk grabbing global headlines Ransomware keeps reminding us of the strong connection between a cybersecurity incident and financial loss. Scale is a factor: larger organisations seem better equipped than SMEs to react to risks. Sign up here The post Security Roundup March 2024 appeared first on BH Consulting.

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

SecureList

NOVEMBER 23, 2023

Yet, metaverse company breach that led to malicious email sent out to its users hinted at ongoing risks. As we look to 2024, we believe that the consumer threat landscape will be heavily influenced by political, cultural, and technological events and trends. Malicious clones of the banned apps may rise to fill the void in 2024.

VPN 90

VPN Scams Education Internet 90

Security Affairs

APRIL 11, 2024

The flaw affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L, these devices contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. The flaw CVE-2024-3272 is a Command Injection Vulnerability impacting D-Link Multiple NAS Devices.

DNS 119

DNS Authentication Hacking Cybersecurity 119

Pen Test Partners

FEBRUARY 20, 2024

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The general recommendation is to simply remove the enhanced authentication plugin from all client devices.

Authentication 134

Authentication Risk 134

Security Boulevard

FEBRUARY 6, 2024

This vulnerability, identified as CVE-2024-23897, poses a high risk and affects Jenkins integrated command line interfaces (CLI). In addition to file access, CVE-2024-23897 can be leveraged to access binary files that contain cryptographic keys utilized for various Jenkins functionalities, albeit with certain limitations.

Risk 62

Risk Authentication Accountability 62

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 128

Authentication Passwords Social Engineering Accountability 128

Penetration Testing

APRIL 18, 2024

Cisco customers are facing an increased risk of attack as publicly accessible exploit code has emerged for CVE-2024-20356, a critical vulnerability in Cisco’s Integrated Management Controller (IMC).

Penetration Testing 88

Penetration Testing Authentication Risk 88

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 122

Data breaches Social Engineering Engineering Authentication 122

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN 117

VPN Accountability Firewall Data breaches 117

The Hacker News

JANUARY 10, 2024

Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific

Software 81

Software Risk Authentication 81

eSecurity Planet

APRIL 15, 2024

To mitigate these risks, users must promptly apply vendor-provided software patches and updates, as well as exercise vigilance when using online services and apps. Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data.

Firewall 109

Firewall VPN Software Risk 109

Thales Cloud Protection & Licensing

JANUARY 3, 2024

Navigating the Future: Strategic Insights on Identity Verification and Digital Banking in 2024 madhav Thu, 01/04/2024 - 05:32 As we embark on 2024, the digital landscape is undergoing a seismic shift, especially in identity verification and digital banking. The need for enhanced security and user convenience drives this change.

Banking 87

Banking Data privacy Technology Encryption 87

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. PSIRT and Talos launched an investigation to support the customer.

VPN 116

VPN Software Firewall Authentication 116

Security Boulevard

APRIL 1, 2024

A thorough cybersecurity investigation is necessary to mitigate these risks effectively. Tighten User Controls: Strengthen user authentication processes and access controls to mitigate the risk of malicious activities originating from compromised user devices. Sign up for the NEW (and free!)

Malware 62

Malware Cybersecurity Risk Cyber threats 62

Security Affairs

JANUARY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805 , and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1)

Authentication 113

Authentication Hacking Cybersecurity Software 113

Malwarebytes

MARCH 8, 2024

JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server. 16 IPs seen scanning so far.

Authentication 87

Authentication Internet Internet Cybersecurity 87

Thales Cloud Protection & Licensing

APRIL 8, 2024

From Marco Polo to Modern Mayhem: Why Identity Management Matters madhav Tue, 04/09/2024 - 05:20 Imagine yourself as Marco Polo, the Venetian merchant traversing dangerous trade routes. The Stats: Why Identity Management Is Crucial Marco Polo's most significant risk might have been a hostile tribe or a sandstorm. The key takeaway?

Identity Theft 138

Identity Theft Passwords Banking Password Management 138

NopSec

APRIL 3, 2024

Let’s fire up your favorite shell and listen to the sound of the ocean as we learn about the most trendy CVEs for March 2024. CVE-2024-23897 Jenkins is an open-source automation platform that facilitates the building, testing, and deployment of software. The post Top Trending CVEs of March 2024 appeared first on NopSec.

VPN 45

VPN Authentication Architecture Software 45

BH Consulting

JANUARY 28, 2024

It starts with creating a safe environment where people feel comfortable expressing themselves and taking risks. It means being transparent and authentic. Be authentic Start with self-awareness. The path to authenticity can be tricky. So how can the privacy leader build trust within their team? Embrace the journey.

Authentication 69

Authentication Firewall Data breaches Risk 69