Duo's Security Blog

FEBRUARY 8, 2021

Setting Up an Instant Registration Database You don’t know who’s going to sign up and register, and you don’t have time to integrate it with any databases you have with citizen data in order to uniquely identify and authenticate them. This does a bit of authentication by proving possession of the email address that was registered.

CISO 120

CISO Passwords Authentication Accountability 120

Security Affairs

FEBRUARY 4, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Identity Theft 122

Identity Theft VPN Malware Ransomware 122

Security Affairs

MAY 4, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The CERT also provided Indicators of Compromise (IoCs) for these attacks.

VPN 98

VPN Education Accountability Cyber Attacks 98

Malwarebytes

JANUARY 10, 2024

From today until December 31, 2023, the price for a subscription to Atomic MacOs Stealer is only $2000. Stealing browser cookies can sometimes be even better than having the victim’s password, enabling authentication into accounts via session tokens. Happy New Year!

Passwords 139

Passwords Antivirus Malware Encryption 139

Security Affairs

APRIL 26, 2023

Horizon3 found that at least 2000 servers are running with a dangerous default configuration. “Session Validation attacks in Apache Superset versions up to and including 2.0.1. The application then validates the signature on the cookie to re-authenticate the user prior to processing the request. ” reads the advisory.

Authentication 98

Authentication Education Media Hacking 98

Herjavec Group

AUGUST 26, 2021

They hack into their teacher’s account and leave messages making fun of him. Air Force research facility, discover a password “sniffer” has been installed onto their network, compromising more than 100 user accounts. 2000 — Lou Cipher — Barry Schlossberg, aka Lou Cipher, successfully extorts $1.4

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

Security Affairs

MARCH 15, 2019

The initial vulnerability that we discovered in October 2012 was related to the “Internet Key Exchange and Authenticated Internet Protocol Keying Modules”. Those modules are used for authentication and key exchange in Internet Protocol security. The problem was that they try to load a DLL which doesn’t exist. That’s all for today.

Authentication 110

Authentication Engineering Internet Internet 110

Fox IT

MARCH 19, 2020

Both network segments were able to connect to domain controllers in the same domain and could interact with objects, authenticate users, query information and more. In Active Directory, user accounts are objects to which extra information can be added. By default, user accounts have write permissions on some of these attributes.

Accountability 73

Accountability Architecture Penetration Testing Authentication 73

Security Boulevard

OCTOBER 21, 2022

For example, if the breach is confirmed to be exploiting SSH, any system that is accessible via SSH and all SSH keys need to be accounted for in the network. This is true for all types of key and certificate compromises, including those used for SSL, SSH, mobile, and authentication. Alexa Hernandez. Data Breach.

Data breaches 40

Data breaches Digital transformation Mobile Passwords 40

SecureList

SEPTEMBER 3, 2024

The backdoor hooks the password authentication function to allow the attacker to use any username/password to log in to the infected server without any further verification. It does the same with public key authentication. If the script detects that it’s running on Windows 2000, XP, 2003 or Vista, it shuts down.

Malware 110

Malware Passwords Ransomware Encryption 110

eSecurity Planet

JUNE 17, 2021

For control access, authorization grants users least privilege while the Azure Active Directory manages authentication at the database level. With several attacks in the last year due to a breach of an administrator or personnel’s account, organizations must take a zero trust approach to protect data security.

Firewall 120

Firewall Encryption Computers and Electronics Software 120

NopSec

APRIL 30, 2023

Researchers determined that authenticated threat actors could leverage the AutoDiscovery or OWA Exchange endpoints to trigger the deserialization sink. Exploitation is only possible if an attacker can reach port eighty (80) and the PowerShell entry point must use Kerberos for authentication.

Authentication 52

Authentication Internet Internet Software 52

Malwarebytes

APRIL 5, 2023

In fact, an October 2022 Government Accountability Office (GAO) report found that loss of learning following a cyberattack ranged from three days to three weeks, with recovery time taking anywhere from two to nine months. Require all accounts with credentialed logins to comply with NIST standards for password policies.

Education 77

Education Ransomware Cybersecurity Risk 77

ForAllSecure

OCTOBER 29, 2020

Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Bee: I have to put in 16 letters and digits to get into my FreshDirect account. Bee: Great.

Hacking 52

Hacking Mobile Software Technology 52

ForAllSecure

OCTOBER 29, 2020

Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Bee: I have to put in 16 letters and digits to get into my FreshDirect account. Bee: Great.

Hacking 52

Hacking Mobile Software Technology 52

ForAllSecure

OCTOBER 20, 2020

Vamosi: Bowen’s public inquiry revealed findings of multiple buffer overflows, software updates without authentication, and inadequate randomization of the ballots so that valid secrecy can be compromised -- among other vulnerabilities. Bee: I have to put in 16 letters and digits to get into my FreshDirect account. Bee: Great.

Hacking 40

Hacking Mobile Software Technology 40

Troy Hunt

JANUARY 16, 2019

The post on the forum referenced "a collection of 2000+ dehashed databases and Combos stored by topic" and provided a directory listing of 2,890 of the files which I've reproduced here. Take logging onto a mobile app with @1Password on iOS: tap the email field, choose the account, Face ID, login button, job done!

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Security Affairs

SEPTEMBER 20, 2019

There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr.

Scams 101

Scams Accountability Hacking Advertising 101

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). CVE-2021-33883 – Cleartext Transmission of Sensitive Information (CVSS 7.1). CVE-2021-33884 – Unrestricted Upload of File with Dangerous Type (CVSS 5.8).

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

SC Magazine

MAY 5, 2021

The FBI Internet Crime Complaint Center (IC3) in March released its 2020 Internet Crime Report with updated statistics on Business Email Compromise (BEC), Email Account Compromise (EAC), and COVID-19 scams. Authenticate all workflows.

Internet 53

Internet Internet Scams Cybercrime 53

ForAllSecure

NOVEMBER 9, 2022

A proximity authenticate, and CC by forwarding the data from a baseband to the link layer. And even after using that token a few times for authentication responses, like positive, at least at that point, the car should go ahead and say alright, I do and I make a new token so that the next time the phone key has to respond differently.

Hacking 40

Hacking Computers and Electronics Manufacturing Wireless 40

ForAllSecure

JANUARY 15, 2021

In 2011, researcher Ang Cui showed how updates to common laser printers were not signed or otherwise authenticated, meaning that you might think you’re doing the right thing by applying an update when in reality you might be unintentionally installing malware. Supply chain compromises have been talked about for a few years now.

Healthcare 52

Healthcare Hacking InfoSec Software 52

ForAllSecure

JANUARY 15, 2021

In 2011, researcher Ang Cui showed how updates to common laser printers were not signed or otherwise authenticated, meaning that you might think you’re doing the right thing by applying an update when in reality you might be unintentionally installing malware. Supply chain compromises have been talked about for a few years now.

Healthcare 52

Healthcare Hacking InfoSec Software 52