Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk 243

Risk VPN Internet Internet 243

SecureList

MAY 6, 2024

Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommendations to effectively mitigate risks and enhance security posture. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million detections compared to 5.04

Phishing 138

Phishing Banking Mobile Scams 138

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 134

Ransomware Authentication Passwords Government 134

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. In January 2023, CircleCI was breached. The increasing prevalence of code and services means that software- and code-related risks will not dissipate any time soon.

Authentication 222

Authentication CISO Passwords Software 222

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 141

Authentication Ransomware VPN Hacking 141

The Last Watchdog

SEPTEMBER 24, 2024

The breach was initially caused by a third-party malicious actor who infiltrated NPD’s systems in December 2023. This drives public awareness of the risks associated with identity theft. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

Authentication 215

Authentication Identity Theft Banking Data breaches 215

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication 140

Authentication VPN Hacking Government 140

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication 138

Authentication VPN Hacking Government 138

CyberSecurity Insiders

DECEMBER 23, 2022

This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Identifiable Information leakages. Below are my top 5 predictions for Business Communication Compromise in 2023.

Social Engineering 142

Social Engineering Phishing Risk Engineering 142

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication 124

Authentication Passwords Malware Accountability 124

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 144

Software Accountability Authentication Internet 144

The Last Watchdog

MARCH 4, 2024

Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Strengthen authentication. Train staff regularly.

Social Engineering 213

Social Engineering Risk Cybersecurity Authentication 213

eSecurity Planet

DECEMBER 7, 2022

But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection. There are many issues like API security, authentication, data residency, privacy and compliance. An area that Kakran is bullish on for 2023 is Kubernetes security and observability.

Cybersecurity 137

Cybersecurity Risk Technology Ransomware 137

CyberSecurity Insiders

DECEMBER 18, 2022

A look ahead to 2023 we can expect to see changes in MFA, continued Hactivism from non-state actors, CISOs lean in on more proactive security and crypto-jackers will get more savvy. In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible.

Cybersecurity 125

Cybersecurity CISO Insurance Ransomware 125

The Last Watchdog

FEBRUARY 20, 2024

billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 Authentication and authorization vulnerabilities: Weak authentication methods and compromised access tokens can provide unauthorized access. This helps them improve their performance over time by gaining data from interactions. per interaction.

Cybersecurity 273

Cybersecurity Penetration Testing Authentication Social Engineering 273

Jane Frankland

NOVEMBER 20, 2023

My Predictions for Cybersecurity in 2023 were… Technology enables opportunities as fast as it introduces threats. Here are my predictions for 2023. By swapping implicit trust for identity-and context-based risk appropriate trust (users, devices, and services), companies will realise greater safeguards. Types of attacks.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 140

Authentication Passwords Social Engineering Accountability 140

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). c) of the SEC Rule, due to potential risks to national security and/or public safety. In a regulatory filing with the U.S.

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 98

Authentication Internet Internet Mobile 98

CyberSecurity Insiders

JANUARY 6, 2023

Here are some API security predictions for 2023: Prediction #1: There will be a major API security breach that forces faster regulatory action. Prediction #2: Leaders will see APIs as representing both security and business risks. Prediction #4: Organizations will right-size data storage to reduce risks.

CISO 118

CISO Financial Services Risk Unstructured Data 118

Malwarebytes

OCTOBER 31, 2023

Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. This CVEs is listed as: CVE-2023-46747 ( CVSS score 9.8 Cybersecurity risks should never spread beyond a headline.

Authentication 121

Authentication DDOS Software Firewall 121

CyberSecurity Insiders

DECEMBER 6, 2022

To avoid these risks, companies need to develop a culture of cybersecurity that will lead to sustainable behavioral change whether employees are in the office or not. 2 – The proliferation of attack vectors will put companies at risk. Companies should also provide clear channels for reporting suspicious incidents.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI.

VPN 114

VPN Authentication Firmware Phishing 114

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk 123

Risk DDOS Data breaches Encryption 123

eSecurity Planet

OCTOBER 11, 2023

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 107

DDOS Engineering Authentication Social Engineering 107

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. Here are the topics that I think will be top of mind in 2023, and what CISOs can do to prepare. CISO in the firing line. Third party dependency.

CISO 127

CISO Insurance Cyber Insurance Phishing 127

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. Supply chain attacks will intensify. About Netwrix .

Cybersecurity 116

Cybersecurity Cybercrime Social Engineering Risk 116

eSecurity Planet

FEBRUARY 5, 2024

Vendor risk management and collaboration within the industry further enhance your system’s resiliency. January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. Both affect J-Web and all Junos OS versions.

Risk 104

Risk Penetration Testing Authentication Software 104

Security Affairs

JANUARY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805 , and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2023-46805 (CVSS score 8.2)

Authentication 135

Authentication Hacking Cybersecurity Software 135

Security Affairs

AUGUST 24, 2023

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). and prior. “If

Internet 98

Internet Internet Authentication Risk 98

eSecurity Planet

SEPTEMBER 5, 2023

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 102

VPN Authentication Ransomware Antivirus 102

Security Affairs

NOVEMBER 1, 2023

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog.

Authentication 137

Authentication Hacking Risk Cybersecurity 137

Pen Test Partners

FEBRUARY 20, 2024

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The general recommendation is to simply remove the enhanced authentication plugin from all client devices.

Authentication 138

Authentication Risk 138

eSecurity Planet

DECEMBER 18, 2023

December 11, 2023 Sonar Finds Three Vulnerabilities in Open-Source Firewall pfSense Type of vulnerability: Cross-site scripting and command injection. NIST has cataloged the three vulnerabilities as CVE-2023-42325 , CVE-2023-42327 , and CVE-2023-42326. pfSense CE 2.7.0 and below and pfSense Plus 23.05.1 Versions 2.7.1

Backups 110

Backups Firewall Engineering Software 110

The Last Watchdog

SEPTEMBER 25, 2023

million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association. Nonprofits are equally at risk, and often lack cybersecurity measures. The average cost of a cybersecurity breach was $4.45

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Malwarebytes

NOVEMBER 2, 2023

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. Instances accessible over the public internet, including those with user authentication, should be restricted from external network access until they have been patched.

Authentication 134

Authentication CISO Internet Internet 134