Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Authentication 145

Authentication Software Passwords Hacking 145

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile 211

Mobile Cloud Migration Penetration Testing Authentication 211

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). For its part, Snowflake says it now requires all new customers to use multi-factor authentication. In a regulatory filing with the U.S.

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. The campaign targeted thousands of organizations worldwide between February and July 2023. ” Microsoft concludes.

Passwords 142

Passwords Accountability Authentication Hacking 142

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. Related: The coming of agile cryptography These secrets work similarly to passwords, allowing systems to interact with one another.

Authentication 222

Authentication CISO Passwords Software 222

Krebs on Security

SEPTEMBER 12, 2023

Apple says the iOS flaw ( CVE-2023-41064 ) does not seem to work against devices that have its ultra-paranoid “ Lockdown Mode ” enabled. Tracked as CVE-2023-36761 , it is flagged as an “information disclosure” vulnerability. ” The other Windows zero-day fixed this month is CVE-2023-36802. .

Spyware 279

Spyware Software Surveillance Authentication 279

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 134

Ransomware Authentication Passwords Government 134

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 138

Phishing Banking Mobile Scams 138

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Krebs on Security

NOVEMBER 29, 2023

20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Authentication 273

Authentication Accountability Passwords Antivirus 273

The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Authentication 124

Authentication Passwords Malware Accountability 124

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT.

Authentication 141

Authentication Ransomware VPN Hacking 141

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN 140

VPN Authentication Cyber Attacks Passwords 140

Krebs on Security

JANUARY 30, 2024

stole at least $800,000 from at least five victims between August 2022 and March 2023. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts.

Authentication 140

Authentication Passwords Social Engineering Accountability 140

CyberSecurity Insiders

DECEMBER 21, 2022

However, while few things may be certain in life, with rising global conflicts, a looming recession, and the continued use of weak and breached credentials, we can be sure that more cyberattacks will be on the horizon in 2023.

Social Engineering 134

Social Engineering Passwords Password Management Engineering 134

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 138

Social Engineering Authentication Engineering Accountability 138

The Hacker News

FEBRUARY 21, 2024

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

Authentication 145

Authentication Passwords Software Cybersecurity 145

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

Phishing 239

Phishing Accountability Artificial Intelligence Cybercrime 239

Security Affairs

MAY 8, 2024

The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. the code is only triggered after access list checks and authentication have succeeded. so if you use basic auth with a reasonably secure password or allow only specific trusted hosts you won’t have to worry. and Tinyproxy 1.10.0.

Internet 133

Internet Internet Authentication Passwords 133

CyberSecurity Insiders

JANUARY 25, 2023

In 2023, we should expect continued change as emerging tech and geopolitical conflicts meet to create an even more complicated and risky threat landscape. As these tools continue to advance in 2023, developers will need to balance innovation with security, or it could have real consequences for businesses, individuals, and governments.

Cyber threats 127

Cyber threats Cybercrime Malware Healthcare 127

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords.

Passwords 93

Passwords Authentication Mobile CISO 93

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services.

IoT 128

IoT DDOS Passwords Malware 128

Krebs on Security

JULY 15, 2024

New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. “And since there’s no password on the account, it just shoots them to the ‘create password for your new account’ flow.

Accountability 294

Accountability Cryptocurrency Passwords DNS 294

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 228

Identity Theft Phishing Cryptocurrency Accountability 228

Malwarebytes

NOVEMBER 28, 2023

After you register your app and get authentication tokens for a user or service, you can make requests to the Microsoft Graph API. The CVEs of the found vulnerabilities are: CVE-2023-49105 ( CVSS score 9.8 CVE-2023-49104 (CVSS score 9 out of 10): An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, x before 0.2.1

Passwords 101

Passwords Authentication Ransomware Software 101

Security Affairs

DECEMBER 19, 2023

CitrixBleed is a critical vulnerability, tracked as CVE-2023-4966 , in Citrix NetScaler ADC (Application Delivery Controller) software. The vulnerability was discovered by security researchers at Positive Technologies and disclosed to Citrix in October 10, 2023. Threat actors exploited the flaw between October 16 and October 19, 2023.

Authentication 137

Authentication Data breaches Passwords Internet 137

Security Affairs

DECEMBER 28, 2023

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. ” reads the report published by SonicWall.

Authentication 143

Authentication Passwords Hacking Software 143

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI.

VPN 114

VPN Authentication Firmware Phishing 114

CyberSecurity Insiders

DECEMBER 28, 2022

And if it is an app, please ensure that the account is enabled with a 2-Factor authentication. Avoid using easy guessing passwords and use only those that are of minimum 15 characters and are made of a mix of alphanumeric characters topped by 1-2 special characters. . Keep the Bluetooth and Wi-Fi ON only when required.

Cyber Attacks 131

Cyber Attacks Authentication Passwords Internet 131

Malwarebytes

JANUARY 16, 2024

As we can see from the description in the database, the root of the problem is that it’s possible to direct password reset emails to unverified email addresses. CVE-2023-7028 ( CVSS score 10 out of 10): an issue has been discovered in GitLab CE/EE affecting all versions from 16.1 This performs secure authentication on your behalf.

Accountability 139

Accountability Passwords Authentication Password Management 139

The Last Watchdog

JUNE 7, 2023

Related: A call to regulate facial recognition This was an early example of multifactor authentication (MFA). I learned about this at RSA Conference 2023 from company Co-founder and CEO Phani Nagarjuna , who explained how Circle extends the use of encryption keys fused to biometrics and decentralizes where copies of the keys are stored.

Authentication 188

Authentication Encryption Passwords Internet 188

Security Affairs

DECEMBER 25, 2023

— Microsoft Threat Intelligence (@MsftSecIntel) December 21, 2023 The use of FalseFont is a trademark of APT33’s operations and confirms that the nation-state actor continues to improve its arsenal. The recent attacks involving FalseFont were first observed in early November 2023. reads the report published by Microsoft.

Passwords 145

Passwords Accountability Authentication Malware 145

CyberSecurity Insiders

DECEMBER 6, 2022

Finally, employees should have all the tools necessary for safe remote work, such as VPN subscriptions, password managers, and devices equipped with multi-factor authentication. While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

The Last Watchdog

MARCH 4, 2024

A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Strengthen authentication. This means using longer passwords — at least 16 characters , as recommended by experts — in a random string of upper and lower letters, numbers, and symbols.

Social Engineering 213

Social Engineering Risk Cybersecurity Authentication 213

Security Affairs

OCTOBER 17, 2023

If your friend or colleague is suddenly asking you for money or to change your password, call them on the phone and ask if they really sent the message. Use a strong password and store it correctly: Strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols such as punctuation.

Social Engineering 142

Social Engineering Ransomware Engineering Phishing 142