Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication.

Backups 131

Backups Authentication Accountability Software 131

Security Affairs

SEPTEMBER 8, 2022

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The vulnerability affects: Cisco Catalyst 8000V Edge Software Adaptive Security Virtual Appliance (ASAv) Secure Firewall Threat Defense Virtual (formerly FTDv). respectively. .”

Authentication 143

Authentication Small Business Software Firewall 143

Security Affairs

FEBRUARY 15, 2025

. “Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted andtake immediate steps to secure them.“ An unauthenticated attacker on the network couple exploit the vulnerability to bypass authentication and invoke certain PHP scripts. ” reads the report published by Assetnote.

Firewall 103

Firewall Authentication Architecture Risk 103

Security Affairs

SEPTEMBER 11, 2024

The software firm released security updates to address a maximum security vulnerability, tracked as CVE-2024-29847, in its Endpoint Management software (EPM). The software firm released security updates to address a maximum security vulnerability, tracked as CVE-2024-29847, in its Endpoint Management software (EPM).

Software 131

Software Authentication IoT Hacking 131

Security Affairs

SEPTEMBER 30, 2023

Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. A pre-authenticated, remote attacker could leverage a.NET deserialization issue in the Ad Hoc Transfer module to execute arbitrary commands on the underlying WS_FTP Server operating system.

Software 131

Software Authentication Hacking Information Security 131

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches 125

Data breaches Cybercrime Authentication Technology 125

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication 126

Authentication Passwords Data privacy Identity Theft 126

Security Affairs

OCTOBER 29, 2024

. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 126

Identity Theft Passwords Malware Banking 126

Security Affairs

DECEMBER 27, 2024

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. when access is limited to authenticated end users via Prisma Access. Repeated exploitation forces the firewall into maintenance mode. ” reads the advisory.

DNS 114

DNS Firewall Spyware Software 114

Security Affairs

OCTOBER 11, 2024

.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. Hunt will add the information of the impacted users to HIBP very soon.

Data breaches 122

Data breaches Internet Internet DDOS 122

The Last Watchdog

DECEMBER 18, 2024

Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. Similarly, software bills of materials (SBOMs) underscore the need for better accountability in third-party software.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The company also addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2024-24697, impacting Windows software. ” reads the advisory. excluding 5.15.15

Software 139

Software Authentication Mobile Hacking 139

Daniel Miessler

MAY 14, 2020

A password manager is a piece of software that creates all these for you, keeps them stored safely, and then fills them in for you automatically when you need to log in. Keep your firmware and software updated. Keep all of your software and hardware religiously updated. Enable two-factor authentication on all critical accounts.

Risk 345

Risk Passwords Password Management Accountability 345

Security Affairs

MARCH 5, 2024

Two new security flaws in JetBrains TeamCity On-Premises software can allow attackers to take over affected systems. Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises.

Software 136

Software Authentication Hacking Information Security 136

Security Affairs

FEBRUARY 6, 2025

A remote attacker authenticated with read-only administrative privileges could exploit the flaws to execute arbitrary commands on flawed devices. “This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software.” ” reads the advisory. ” reads the advisory.

Engineering 78

Engineering Authentication Software Hacking 78

Security Affairs

APRIL 22, 2025

To avoid falling victim to unauthorized trading caused by stolen login credentials, users should follow key precautions: never click links in emails or SMS, always access brokerage sites via pre-saved bookmarks, and enable security features like multi-factor authentication and login notifications.

Financial Services 121

Financial Services Passwords Accountability Antivirus 121

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes. ” reads the report published by the company.

Software 124

Software Authentication Hacking Accountability 124

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Security Affairs

MAY 5, 2025

Sansec discovered that threat actors behind the attack breached the download servers of Tigren, Magesolution (MGS) and Meetanshi and injected backdoors in their software that allowed them to take over their customers’ e-stores. In older versions (2019), this required no authentication, but newer versions require a secret key.

eCommerce 95

eCommerce Hacking Authentication Software 95

Security Affairs

FEBRUARY 7, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added a Trimble Cityworks vulnerability, tracked as CVE-2025-0994 , to its Known Exploited Vulnerabilities (KEV) catalog. Trimble Cityworks is a GIS-centric asset management and permitting software designed for local governments, utilities, and public works organizations.

Authentication 93

Authentication Internet Internet Hacking 93

Krebs on Security

APRIL 27, 2023

Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). Akiri said he notified the Washington D.C. ”

Banking 343

Banking Government Information Security Authentication 343

Security Affairs

DECEMBER 5, 2024

Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS softwares bootloader that could be exploited by attackers to bypass image signature verification. “A successful exploit could allow the attacker to bypassNX-OSimage signature verificationand loadunverified software.”

Software 83

Software Authentication Hacking Information Security 83

Security Affairs

FEBRUARY 28, 2025

“A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with validAdministratorcredentials to execute a command injection attack on the underlying operating system of an affected device.”

Software 103

Software Authentication Hacking Information Security 103

Security Affairs

MARCH 15, 2022

“Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. The post Critical flaws affect Veeam Data Backup software appeared first on Security Affairs. This may lead to gaining control over the target system.”

Backups 134

Backups Software Authentication Hacking 134

Security Affairs

JUNE 4, 2025

has been discovered in the Roundcube webmail software. allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.” A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) x before 1.6.11

Authentication 67

Authentication Risk Hacking Technology 67

The Last Watchdog

JANUARY 6, 2022

As a result, The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent). Yes, they are cheap to apply. They can be dynamic.

Marketing 279

Marketing Software Surveillance Information Security 279

Joseph Steinberg

JANUARY 20, 2022

Zero Trust is a concept, an approach to information security that dramatically deviates from the approach commonly taken at businesses worldwide by security professionals for many years. And, of course, they must know, and be able to strongly authenticate, any human users as well.

Cybersecurity 363

Cybersecurity Artificial Intelligence Ransomware Social Engineering 363

Joseph Steinberg

JANUARY 4, 2023

The term Zero Trust refers to a concept, an approach to information security that dramatically deviates from the common approach of yesteryear; Zero Trust states that no request for service is trusted, even if it is issued by a device owned by the resource’s owner, and is made from an internal, private network belonging to the same party.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 98

Authentication Internet Internet Mobile 98

Security Affairs

JANUARY 10, 2025

“Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files.” And, in reference to the campaign detailed above, we do not ask candidates to download software for interviews.” ” concludes the report.

Phishing 113

Phishing Scams Malware Authentication 113

Security Affairs

JANUARY 12, 2025

Microsoft filed a complaint with the Eastern District Court of Virginia against ten individuals for using stolen credentials and custom software to breach computers running Microsofts Azure OpenAI services to generate content for harmful purposes. Defendants then used Microsofts computers and software for harmful purposes.”

Authentication 67

Authentication Software Hacking Accountability 67

Security Affairs

FEBRUARY 21, 2025

.” “If you can’t update to a patched version, then rotating your security key and ensuring its privacy will help to migitgate the issue.” An authenticated attacker with network access to the management web interface could exploit the flaw to read files that are readable by the nobody user.

Authentication 80

Authentication Firewall Cybersecurity Hacking 80

SecureList

DECEMBER 9, 2024

A software update in April caused problems in a number of distributions, such as Red Hat, Debian and Rocky. Linux is the operating system used by many key infrastructure and security facilities. XZ backdoor to bypass SSH authentication What happened? However, delegating tasks also introduces new information security challenges.

Internet 112

Internet Internet Risk Social Engineering 112

Security Affairs

FEBRUARY 10, 2025

CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available). The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935.

Manufacturing 111

Manufacturing Cybercrime Passwords Authentication 111

Security Affairs

APRIL 6, 2025

BleepingComputer reported that multiple companies confirmed the leaked Oracle data as authentic, including accurate LDAP names, emails, and other identifiers. Its the second cybersecurity breach that the software company has acknowledged to clients in the last month.” The published credentials are not for the Oracle Cloud.

Data breaches 126

Data breaches Encryption Hacking Passwords 126

Security Affairs

NOVEMBER 19, 2024

Experts noticed that due to this vulnerability, user credentials remain in process memory after a user authenticates to the VPN. Volexity reported the vulnerability to the security vendor in July, however the flaw has yet to be addressed. SoftwareList List installed software, folders, and files recursively from a base location.

VPN 119

VPN Malware Spyware Passwords 119

Security Affairs

MAY 26, 2025

Below is the description of the flaws: CVE-2025-4427 (CVSS score: 5.3) An authentication bypass in Endpoint Manager Mobileallowingattackers to access protected resources without proper credentials. CERT-EU reported both vulnerabilities to the software firm. CERT-EU reported both vulnerabilities to the software firm.

Mobile 93

Mobile Telecommunications Authentication Internet 93