eSecurity Planet

MARCH 21, 2022

By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability ( CVE-2021-34527 and CVE-2021-36958 ) to obtain administrator privileges. Require all accounts with password logins (e.g.,

VPN 108

VPN Accountability Authentication Passwords 108

SC Magazine

JULY 7, 2021

Further, the Redis server operates on a remote host but is not protected by password authentication. is caused by the Vue platform’s use of cryptographic keys or passwords beyond the established expiration date, “which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.”.

VPN 121

VPN Software System Administration Authentication 121

SecureList

NOVEMBER 14, 2022

Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company. We encourage system administrators to immediately set up monitoring for these machines, due to the unlikelihood that patching (even in a timely fashion) will be sufficient to protect them.

Firmware 106

Firmware Surveillance Mobile Telecommunications 106