Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Penetration Testing

DECEMBER 16, 2024

Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.

Authentication 109

Authentication Cybersecurity 109

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. The saga of LockBit in 2024 exemplifies the resilience and adaptability of these cybercriminal groups.

Malware 108

Malware Ransomware Passwords Healthcare 108

Krebs on Security

MAY 14, 2024

CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. ” CVE-2024-30040 is a security feature bypass in MSHTML , a component that is deeply tied to the default Web browser on Windows systems. . First, the zero-days.

Social Engineering 278

Social Engineering Backups Malware Software 278

Penetration Testing

DECEMBER 25, 2024

The Apache Software Foundation has disclosed a critical vulnerability, CVE-2024-43441, affecting Apache HugeGraph-Server, a widely used open-source graph database system.

Authentication 76

Authentication Software Cybersecurity 76

Tech Republic Security

MARCH 26, 2024

Authenticator apps provide an extra layer of security. Learn about the best authenticator apps to secure your online accounts and protect your privacy.

Authentication 189

Authentication Accountability 189

Penetration Testing

NOVEMBER 2, 2024

On October 30, 2024, Okta announced a critical security advisory addressing a vulnerability in its AD/LDAP Delegated Authentication (DelAuth) system.

Authentication 83

Authentication Cybersecurity 83

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. A post about the Change breach from RansomHub on April 8, 2024.

Healthcare 297

Healthcare Insurance Computers and Electronics Data breaches 297

Krebs on Security

FEBRUARY 13, 2024

Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Microsoft Corp. msi) that in turn unloads a remote access trojan (RAT) onto infected Windows systems.

Engineering 286

Engineering Internet Internet Software 286

Penetration Testing

OCTOBER 28, 2024

Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

Authentication 98

Authentication Cybersecurity 98

Penetration Testing

SEPTEMBER 22, 2024

Tracked as CVE-2024-8698,... The post CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk appeared first on Cybersecurity News.

Authentication 145

Authentication Risk Cybersecurity 145

Tech Republic Security

MARCH 20, 2024

Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.

Authentication 193

Authentication 193

Tech Republic Security

APRIL 2, 2024

Discover the top passwordless authentication solutions that can enhance security and user experience. Find the best solution for your business needs.

Authentication 186

Authentication 186

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 124

Firewall Authentication Accountability Risk 124

Security Affairs

OCTOBER 20, 2024

F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system.

Authentication 136

Authentication Hacking Technology Information Security 136

SecureList

MARCH 12, 2025

Regions and industries of incident response requests In 2024, we saw the share of incident response requests rise in most of the regions, with the majority of investigations conducted in the CIS (50.6%), the Middle East (15.7%) and Europe (10.8%). from the 2023 numbers and amounted to 41.6% of incidents overall.

Ransomware 90

Ransomware Passwords Government Security Awareness 90

Security Boulevard

DECEMBER 27, 2024

The post Best of 2024: AT&T Says 110M Customers Data Leaked Yep, its Snowflake Again appeared first on Security Boulevard. Shouldve used MFA: $T loses yet more customer datathis time, from almost all of them.

Authentication 121

Authentication 121

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 129

Backups VPN Ransomware Authentication 129

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 73

Phishing Banking Scams Mobile 73

Security Affairs

NOVEMBER 13, 2024

Two of these vulnerabilities, tracked as CVE-2024-45421 and CVE-2024-45419, are high-severity issues that remote attackers could exploit to escalate privileges or leak sensitive information. The vulnerability CVE-2024-45421 (CVSS score of 8.5) is a buffer overflow issue that an authenticated attacker could exploit.

Authentication 114

Authentication Mobile Hacking Information Security 114

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 199

Artificial Intelligence Engineering Software Internet 199

Security Affairs

DECEMBER 11, 2024

Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. ” reads the advisory published by the company.

Authentication 105

Authentication Software Hacking Information Security 105

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. police as part of an FBI investigation into the MGM hack.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Penetration Testing

NOVEMBER 18, 2024

These vulnerabilities, ranging from authentication bypass to potential cross-site... The post Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request Mix-Up, and XSS Flaw appeared first on Cybersecurity News.

Authentication 96

Authentication Software Cybersecurity 96

Security Affairs

NOVEMBER 2, 2024

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn.

Firmware 120

Firmware Manufacturing IoT Healthcare 120

Security Affairs

FEBRUARY 19, 2025

Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474 , to compromise PAN-OS firewalls. Attackers are chaining them with the CVE-2025-0108 with CVE-2024-9474 issues. ” reads the updated bulletin published by the vendor.

Firewall 105

Firewall Authentication Architecture Internet 105

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) A missing authentication flaw in FortiManager and FortiManager Cloud versions allows attackers to execute arbitrary code or commands through specially crafted requests.

Authentication 124

Authentication Malware Risk Cybersecurity 124

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. .” The phony booking.com website generated by visiting the link in the text message. SecureWorks said these attacks had been going on since at least March 2023.

Phishing 263

Phishing Accountability Artificial Intelligence Cybercrime 263

Security Affairs

DECEMBER 6, 2024

Cybersecurity and Infrastructure Security Agency (CISA)added the CyberPanelflaw CVE-2024-51378 (CVSS score: 10.0) Remote attackers could bypass authentication and execute arbitrary commands by exploiting a flaw in secMiddleware , which only validates POST requests. . to its Known Exploited Vulnerabilities (KEV) catalog.

DNS 108

DNS Authentication Ransomware Hacking 108

Security Affairs

FEBRUARY 19, 2025

The second vulnerability, tracked CVE-2025-26466 (CVSS score: 5.9), affects both the OpenSSH client and server, allowing a pre-authentication denial-of-service attack. ” The OpenSSH client and server are vulnerable (CVE-2025-26466) to a pre-authentication denial-of-service (DoS) attack.

Authentication 121

Authentication System Administration DNS Hacking 121

Security Affairs

JANUARY 19, 2025

A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) The vulnerability allows authenticated attackers with Subscriber access to exploit a missing capability check, leading to information disclosure. in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps.

Consumer Services 124

Consumer Services Authentication Hacking 124

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. After strolling the exhibits floor at Black Hat USA 2024 and speaking with the solution providers, I jotted down two categories of cybersecurity advancements: ‘coding level’ and ‘operational level.’

Software 290

Software Technology Mobile Cybersecurity 290

Security Affairs

FEBRUARY 3, 2025

The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” ” reads Google’s bulletin.

Media 114

Media Authentication Hacking Accountability 114

The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. We met at DigiCert Trust Summit 2023.

Encryption 311

Encryption Technology CISO IoT 311