Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 99

Authentication Cybersecurity Risk Information Security 99

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 95

Authentication Passwords Risk Education 95

Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” continues the announcement. .

Authentication 84

Authentication Accountability Hacking Malware 84

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. SecurityAffairs – hacking, passwordless authentication). The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Authentication 95

Authentication Accountability Passwords Phishing 95

Security Affairs

SEPTEMBER 25, 2023

Sonar’s Vulnerability Research Team discovered a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score of 9.8), in TeamCity. The vulnerability is an authentication bypass issue affecting the on-premises version of TeamCity. ” The link for the Security patch plugin are for TeamCity 2018.2

Hacking 116

Hacking Software Authentication Internet 116

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 81

Authentication Internet Internet Mobile 81

Security Affairs

MARCH 27, 2022

Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. “An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. .”

Firewall 86

Firewall Authentication VPN Hacking 86

Security Affairs

FEBRUARY 18, 2023

Twitter has announced that the platform will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers. To date, Twitter has offered three methods of 2FA : text message, authentication app, and security key. ” reads the post published by the social media and social networking service.

Authentication 94

Authentication Accountability Media Hacking 94

Security Affairs

APRIL 24, 2022

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540 , that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication.

Authentication 80

Authentication Software Hacking Risk 80

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing 74

Phishing Hacking Banking Scams 74

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. ” concludes the bulletin.

Authentication 97

Authentication VPN Phishing Hacking 97

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. SecurityAffairs – hacking, authentication bypass).

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 95

Hacking Firmware Authentication DNS 95

Security Affairs

SEPTEMBER 8, 2022

” The fourth issue fixed by the vendor is an authentication bypass flaw, tracked CVE-2022-20923 (CVSS score: 4.0) SecurityAffairs – hacking, NVIDIA). The post Cisco will not fix the authentication bypass flaw in EoL routers appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 132

Authentication Small Business Software Firewall 132

Security Affairs

APRIL 7, 2024

This trick allows attackers to obtain bypass authentication. “Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions.”

Internet 131

Internet Internet DNS Hacking 131

Security Affairs

NOVEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Data breaches 113

Data breaches Hacking Healthcare Social Engineering 113

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ ” reads the announcement. ” reads the announcement.

Hacking 108

Hacking Engineering Manufacturing Government 108

Security Affairs

FEBRUARY 27, 2021

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). “An attacker who is able to extract the secret key would be able to authenticate to any Rockwell Logix controller.” SecurityAffairs – hacking, PLC). Pierluigi Paganini.

Authentication 120

Authentication Software Engineering Manufacturing 120

Security Affairs

NOVEMBER 24, 2020

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An Pierluigi Paganini.

Authentication 124

Authentication Hacking Information Security Malware 124

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 223

Hacking Penetration Testing Data breaches Authentication 223

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition.

Hacking 123

Hacking Authentication Information Security 123

Security Affairs

AUGUST 10, 2022

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” SecurityAffairs – hacking, Yanluowang ransomware). The post Cisco was hacked by the Yanluowang ransomware gang appeared first on Security Affairs.

Ransomware 122

Ransomware Hacking VPN Phishing 122

Security Affairs

APRIL 1, 2021

VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982 , in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers to bypass authentication. Pierluigi Paganini.

Authentication 102

Authentication Malware Hacking Technology 102

Security Affairs

JANUARY 21, 2023

The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). The flaw is an authentication bypass issue that resides in the web-based management interface of the routers, an attacker. reads the advisory published by the company.

Hacking 96

Hacking Small Business VPN Internet 96

Security Affairs

JUNE 16, 2022

Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. SecurityAffairs – hacking, Cisco ESA).

Authentication 89

Authentication Hacking Software Cybersecurity 89

Security Affairs

NOVEMBER 24, 2020

Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel , a popular software suite that facilitates the management of a web hosting server.

Hacking 135

Hacking Authentication Accountability Software 135

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data.

VPN 89

VPN Ransomware Hacking Education 89

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” “MikroTik RouterOS stable before 6.49.7

Hacking 95

Hacking Passwords Authentication Encryption 95

Security Affairs

AUGUST 20, 2023

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. CVE-2023-36846 5.3 CVE-2023-36847 5.3

Hacking 83

Hacking Authentication Information Security Network Security 83

Security Affairs

JULY 25, 2022

The now patched vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hardcoded cryptographic key tracked as CVE-2022-34906. A remote attacker can trigger the vulnerabilities to bypass authentication and gain full control over the MDM platform and its managed devices. x, prior to 14.7.2. Pierluigi Paganini.

Hacking 91

Hacking Authentication Internet Internet 91

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 If a match occurs, authentication is granted.

Software 112

Software Authentication Passwords Engineering 112

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. had successfully authenticated using multi-factor authentication.”

Hacking 95

Hacking Password Management Passwords Authentication 95

Security Affairs

MARCH 11, 2022

Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. Anonymous linked group Ghostsec also announced to have hacked the Department of Information Projects ( [link] ). SecurityAffairs – hacking, Anonymous).

Hacking 108

Hacking Media Authentication Technology 108

Security Affairs

OCTOBER 3, 2022

Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks. SecurityAffairs – hacking, Log4Shell). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking 111

Hacking Manufacturing Cyber Attacks Ransomware 111

Security Affairs

JANUARY 18, 2023

The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. CVE-2022-4874 – Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content.

Hacking 87

Hacking Authentication Software Internet 87

Security Affairs

APRIL 8, 2021

The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. SecurityAffairs – hacking, data breach).

Hacking 84

Hacking Passwords Authentication Data breaches 84

Security Affairs

AUGUST 27, 2023

The Polish domestic security agency is investigating a hacking attack on the national railways, Polish media report. Poland’s Internal Security Agency (ABW) and national police have launched an investigation into a hacking attack on the state’s railway network.

Hacking 80

Hacking Media Encryption Authentication 80