Penetration Testing

FEBRUARY 9, 2024

Dubbed CVE-2024-22394, this vulnerability exposes... The post CVE-2024-22394 Exposed: SonicWall SSL-VPN’s Authentication Flaw appeared first on Penetration Testing.

Authentication 87

Authentication Penetration Testing VPN 87

Penetration Testing

APRIL 27, 2024

This exploit allows authenticated attackers to escalate privileges to the SYSTEM level, granting them... The post Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Authentication 145

Penetration Testing

NOVEMBER 7, 2023

pmkidcracker This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network.

Authentication 93

Authentication Penetration Testing Wireless 93

SecureWorld News

JUNE 28, 2020

With many organizations now planning their annual penetration tests ("pentest" for short), a change is needed in order to accommodate remote workers. It also begs what are you allowed to test versus what is now considered taboo considering end-users may be operating with their own personal equipment?

Penetration Testing 95

Penetration Testing Social Engineering VPN Phishing 95

Penetration Testing

MAY 12, 2024

A new study by Dor Segal, a security researcher at Silverfort, has revealed a critical vulnerability in FIDO2, the popular passwordless authentication standard designed to protect against phishing and man-in-the-middle (MITM) attacks.

Penetration Testing 91

Penetration Testing Phishing Authentication 91

Penetration Testing

FEBRUARY 6, 2024

AuthLogParser AuthLogParser is a powerful Digital Forensics and Incident Response tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log.

Authentication 45

Authentication Penetration Testing 45

Penetration Testing

APRIL 30, 2024

SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks (..)

Data breaches 114

Data breaches Penetration Testing Authentication Software 114

Penetration Testing

MAY 7, 2024

Attackers are weaponizing two critical vulnerabilities, CVE-2023-46805 (authentication bypass) and CVE-2024-21887... The post Mirai Botnet Exploits Ivanti Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) appeared first on Penetration Testing.

Penetration Testing 95

Penetration Testing Authentication Malware 95

Penetration Testing

MAY 1, 2024

API keys, OAuth tokens, and authentication information... The post Dropbox Sign Data Breach: What You Need to Know and How to Protect Yourself appeared first on Penetration Testing.

Data breaches 102

Data breaches Penetration Testing Authentication Passwords 102

Penetration Testing

MARCH 13, 2024

These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 132

Penetration Testing Authentication Software 132

Penetration Testing

APRIL 18, 2024

Keycloak, a widely used open-source solution for authentication and authorization, has released important security updates addressing multiple vulnerabilities.

DDOS 107

DDOS Penetration Testing Risk Authentication 107

Penetration Testing

MARCH 28, 2024

Security researchers have uncovered a serious vulnerability in Okta Verify for Windows, a popular multifactor authentication (MFA) app. This flaw rated 7.1

Penetration Testing 126

Penetration Testing Authentication 126

Penetration Testing

FEBRUARY 27, 2024

A critical security vulnerability was recently discovered within the platform’s authentication system. This means an immediate... The post CVE-2024-1403 (CVSS 10): Critical Progress OpenEdge Vulnerability appeared first on Penetration Testing.

Penetration Testing 135

Penetration Testing Authentication 135

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing Risk Authentication 129

Penetration Testing

MARCH 29, 2024

This vulnerability could allow attackers to bypass SSH authentication on certain Linux... The post CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool appeared first on Penetration Testing. A severe backdoor vulnerability (designated CVE-2024-3094) has been unearthed in versions 5.6.0

Penetration Testing 114

Penetration Testing Authentication 114

Penetration Testing

JANUARY 25, 2024

GitLab has addressed a critical severity vulnerability that could allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

Penetration Testing 141

Penetration Testing Authentication 141

Penetration Testing

APRIL 25, 2024

Postman, the tool beloved by developers for testing and building APIs, is unwittingly becoming a treasure trove for hackers. Security firm Truffle Security uncovered a shocking problem: thousands of live API keys, authentication tokens,... The post Thousands of API Secrets Exposed on Postman – Are Your Credentials At Risk?

Penetration Testing 89

Penetration Testing Risk Authentication 89

Penetration Testing

FEBRUARY 29, 2024

This vulnerability allows authenticated attackers with contributor-level permissions or higher to upload arbitrary... The post Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) appeared first on Penetration Testing. A high-severity security vulnerability (CVE-2024-1468, CVSS score 8.8)

Penetration Testing 112

Penetration Testing Authentication 112

Penetration Testing

FEBRUARY 20, 2024

VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP).

Penetration Testing 107

Penetration Testing Authentication 107

Zigrin Security

JULY 19, 2023

One of the most effective ways to identify vulnerabilities in web applications is through web application penetration testing. By conducting web application penetration testing, companies can proactively address security issues and reduce the risk of a successful cyber attack.

Authentication 52

Authentication Penetration Testing Cybersecurity Passwords 52

Penetration Testing

MARCH 18, 2024

Spring Security, a widely used framework for securing Java-based applications, has a serious vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive systems.

Penetration Testing 110

Penetration Testing Authentication 110

Penetration Testing

MARCH 14, 2024

These flaws could allow attackers to bypass authentication mechanisms,... The post Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action appeared first on Penetration Testing.

Software 101

Software Penetration Testing Backups Authentication 101

Penetration Testing

DECEMBER 26, 2023

OFBiz provides a foundation... The post CVE-2023-51467: Apache OFBiz Pre-Authentication RCE Vulnerability appeared first on Penetration Testing. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Management, and Manufacturing Resource Planning.

Authentication 45

Authentication Penetration Testing Manufacturing 45

Penetration Testing

MARCH 6, 2024

enables attackers to execute authentication coercion... The post CVE-2024-21320 PoC Published- How Microsoft Themes Can Compromise Your Credentials appeared first on Penetration Testing. This vulnerability, with a CVSS score of 6.5,

Penetration Testing 111

Penetration Testing Authentication 111

Penetration Testing

APRIL 18, 2024

This vulnerability could allow authenticated attackers with... The post Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Authentication Risk 84

Penetration Testing

MARCH 5, 2024

that could allow attackers to bypass authentication and gain unauthorized access to your organization’s most valuable secrets. Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Risk Authentication 97

Penetration Testing

APRIL 4, 2024

These releases address three vulnerabilities, one rated ‘critical,’ that could allow attackers to bypass authentication,... The post Apache CloudStack Releases Critical Security Patches – Update Immediately appeared first on Penetration Testing.

Penetration Testing 79

Penetration Testing Authentication Software 79

Penetration Testing

MAY 13, 2024

The most critical vulnerability, CVE-2024-25641, could allow authenticated attackers... The post Cacti Network Monitoring Software Patched for Critical Security Flaws (CVE-2024-25641) appeared first on Penetration Testing.

Penetration Testing 43

Penetration Testing Software Authentication 43

Penetration Testing

MAY 4, 2024

V’ger V’ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations.

Penetration Testing 56

Penetration Testing Authentication 56

Penetration Testing

DECEMBER 9, 2023

The vulnerability, identified as an ‘authenticated arbitrary file upload’ issue, was initially discovered... The post CVE-2023-48777: Critical Vulnerability in Elementor Affecting Over 5 Million Websites appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing Authentication 112

Penetration Testing

FEBRUARY 20, 2024

The most severe of these bugs, an authentication... The post Critical Security Vulnerabilities in ConnectWise ScreenConnect Demand Immediate Patching appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Authentication Software 84

Penetration Testing

FEBRUARY 20, 2024

Organizations leveraging Spring Security for authentication and authorization should prioritize mitigation to address the... The post Spring Security Vulnerability (CVE-2024-22234): Mitigating Broken Access Control appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Authentication 84

Penetration Testing

JANUARY 4, 2024

Teleport, a renowned platform offering centralized authentication and auditing for servers and cloud applications, has recently found itself in the cybersecurity spotlight.

Penetration Testing 93

Penetration Testing Authentication Cybersecurity 93

Penetration Testing

FEBRUARY 2, 2024

Despite the unsettling access gained by hackers, AnyDesk assured its user base that no authentication tokens were compromised,... The post AnyDesk’s Cybersecurity Breach: Unveiling the Recent Attack appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Cybersecurity Authentication Software 84

Penetration Testing

MARCH 8, 2024

The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk?

Penetration Testing 132

Penetration Testing Software Risk Authentication 132

Penetration Testing

DECEMBER 3, 2023

That tool is based on impacket, which allows attackers to authenticate to databases using clear-text passwords NTLM... The post MSSqlPwner: pentesting tool designed to seamlessly interact and pwn MSSQL servers appeared first on Penetration Testing.

Penetration Testing 94

Penetration Testing Authentication Passwords 94

The Last Watchdog

FEBRUARY 20, 2024

Authentication and authorization vulnerabilities: Weak authentication methods and compromised access tokens can provide unauthorized access. Multi-factor authentication: Implement multi-factor authentication for administration and privileged users to enhance access control and prevent unauthorized entry.

Cybersecurity 273

Cybersecurity Penetration Testing Authentication Social Engineering 273