Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 95

Authentication Passwords Risk Education 95

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) Most of the Internet-facing devices are in South Korea, Hong Kong, the U.S.,

Hacking 124

Hacking Internet Internet Authentication 124

Security Affairs

NOVEMBER 2, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. Cloud identity and access management solutions provider Okta warns nearly 5,000 employees that their personal information was exposed due to a data breach suffered by the third-party vendor Rightway Healthcare.

Data breaches 115

Data breaches Hacking Healthcare Social Engineering 115

Security Affairs

AUGUST 2, 2022

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. Pierluigi Paganini.

Authentication 111

Authentication Hacking Information Security 111

Security Affairs

JUNE 29, 2023

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Arcserve released UDP 9.1

Authentication 90

Authentication Backups Ransomware Software 90

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 100

Authentication Cybersecurity Risk Information Security 100

Security Affairs

APRIL 7, 2024

An attacker can exploit the flaw to achieve command execution on the affected D-Link NAS devices, gain access to potential access to sensitive information, system configuration alteration, or denial of service. This trick allows attackers to obtain bypass authentication. ” wrote Netsecfish.

Internet 133

Internet Internet DNS Hacking 133

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ ” reads the announcement. ” reads the announcement.

Hacking 110

Hacking Engineering Manufacturing Government 110

Security Affairs

MAY 12, 2024

Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.

Ransomware 112

Ransomware Hacking Healthcare Retail 112

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing 73

Phishing Hacking Banking Scams 73

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 95

Hacking Firmware Authentication DNS 95

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” continues the announcement. .

Authentication 84

Authentication Accountability Hacking Malware 84

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. SecurityAffairs – hacking, passwordless authentication). The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Authentication 96

Authentication Accountability Passwords Phishing 96

Security Affairs

SEPTEMBER 25, 2023

Sonar’s Vulnerability Research Team discovered a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score of 9.8), in TeamCity. The vulnerability is an authentication bypass issue affecting the on-premises version of TeamCity. ” The link for the Security patch plugin are for TeamCity 2018.2

Hacking 118

Hacking Software Authentication Internet 118

Security Affairs

MARCH 27, 2022

Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. “An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. .”

Firewall 86

Firewall Authentication VPN Hacking 86

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 81

Authentication Internet Internet Mobile 81

Security Affairs

MARCH 11, 2022

Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. Anonymous linked group Ghostsec also announced to have hacked the Department of Information Projects ( [link] ). SecurityAffairs – hacking, Anonymous).

Hacking 109

Hacking Media Authentication Technology 109

Security Affairs

FEBRUARY 18, 2023

Twitter has announced that the platform will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers. To date, Twitter has offered three methods of 2FA : text message, authentication app, and security key. ” reads the post published by the social media and social networking service.

Authentication 94

Authentication Accountability Media Hacking 94

Security Affairs

SEPTEMBER 19, 2022

Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information.

Data breaches 92

Data breaches Hacking Engineering Authentication 92

Security Affairs

APRIL 24, 2022

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540 , that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication.

Authentication 80

Authentication Software Hacking Risk 80

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. ” concludes the bulletin.

Authentication 97

Authentication VPN Phishing Hacking 97

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. SecurityAffairs – hacking, authentication bypass).

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

AUGUST 10, 2022

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” SecurityAffairs – hacking, Yanluowang ransomware). The post Cisco was hacked by the Yanluowang ransomware gang appeared first on Security Affairs.

Ransomware 124

Ransomware Hacking VPN Phishing 124

Security Affairs

JANUARY 20, 2022

Cisco pointed out that an attacker would need to perform detailed reconnaissance to allow for unauthenticated access, the issue could be also exploited by an authenticated attacker. Cisco’s Product Security Incident Response Team (PSIRT) confirmed that the company is not aware of attacks in the wild exploiting this vulnerability.

Software 100

Software Authentication Hacking Information Security 100

Security Affairs

SEPTEMBER 8, 2022

” The fourth issue fixed by the vendor is an authentication bypass flaw, tracked CVE-2022-20923 (CVSS score: 4.0) SecurityAffairs – hacking, NVIDIA). The post Cisco will not fix the authentication bypass flaw in EoL routers appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 135

Authentication Small Business Software Firewall 135

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Bleeping Computer reported that information shared by the incident responder as ‘Aura’ on Twitter.

VPN 88

VPN Ransomware Hacking Education 88

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. Roku also plans to refund unauthorized purchases and is implementing two-factor authentication (2FA) for all accounts.

Accountability 108

Accountability Passwords Data breaches Authentication 108

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. TechCrunch was able to verify the authenticity of the data for a sample they analyzed, however it is unclear how recent the data is. New breach: GunAuction[.]com 83% were already in @haveibeenpwned.

Accountability 81

Accountability Hacking Data breaches Passwords 81

Security Affairs

FEBRUARY 27, 2021

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). “An attacker who is able to extract the secret key would be able to authenticate to any Rockwell Logix controller.” SecurityAffairs – hacking, PLC). Pierluigi Paganini.

Authentication 122

Authentication Software Engineering Manufacturing 122

Security Affairs

DECEMBER 16, 2022

“No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.” Users are recommended to activating two-factor authentication (2FA) protection use hardware security keys to access their accounts. million Gemini users.

Hacking 82

Hacking Phishing Accountability Authentication 82

Security Affairs

JANUARY 18, 2021

It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. ” states the advisory.

Hacking 129

Hacking Data breaches Passwords Accountability 129

Security Affairs

JANUARY 10, 2022

Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers such as Jamie Bateson (AKA Bateson87), NickRTFM, Trymacs, TisiSchubecH and FUT FG.

Hacking 102

Hacking Accountability Social Engineering Media 102

Security Affairs

JANUARY 12, 2024

The database was closed after researchers informed Liquipedia’s admins about the issue. According to researchers, the leak revealed an authentication server with login details and information on Liquipedia’s users along with authentication details for Liquipedia admins. Our team contacted Liquipedia in late October.

Authentication 115

Authentication Media Accountability Encryption 115

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. This platform serves as an integrated hub of information and control for all interconnected devices. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)

Hacking 86

Hacking Firmware Authentication Software 86

Security Affairs

MARCH 7, 2023

Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. “We have recently been made aware of a security vulnerability related to Plex Media Server.

Software 97

Software Hacking Data breaches Media 97

Security Affairs

NOVEMBER 24, 2020

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An Pierluigi Paganini.

Authentication 126

Authentication Hacking Information Security Malware 126