Penetration Testing

SEPTEMBER 6, 2024

Red Hat has issued a critical security advisory warning of an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments.

Authentication 121

Authentication Cybersecurity 121

Penetration Testing

OCTOBER 26, 2024

A critical authentication bypass vulnerability has been discovered in wpDiscuz, a widely used WordPress plugin with over 80,000 active installations.

Authentication 108

Authentication Risk Cybersecurity 108

Penetration Testing

SEPTEMBER 27, 2024

Cybersecurity firm RedTeam Pentesting GmbH has disclosed two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, in WatchGuard’s Authentication Gateway (also known as Single Sign-On Agent) and Single Sign-On Client software, potentially impacting... The post Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and (..)

Authentication 115

Authentication Software Cybersecurity 115

Security Boulevard

JANUARY 17, 2024

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

Cybersecurity 126

Cybersecurity Artificial Intelligence Threat Detection Data privacy 126

Security Affairs

OCTOBER 24, 2024

The “FortiJump” flaw (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, impacting over 50 servers, says Mandiant. A new report published by Mandiant states that the recently disclosed Fortinet FortiManager flaw “FortiJump” CVE-2024-47575 (CVSS v4 score: 9.8) This week the U.S.

Authentication 131

Authentication Internet Internet Hacking 131

Penetration Testing

JUNE 27, 2024

In a recent cybersecurity advisory, Juniper Networks disclosed a critical vulnerability identified as CVE-2024-2973, which has earned a severity rating of 10 on the CVSS scale.

Authentication 95

Authentication Cybersecurity 95

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 132

Authentication Cybersecurity Risk Information Security 132

IT Security Guru

DECEMBER 20, 2023

As 2023 draws to a close, it’s time for cybersecurity experts to gaze into their crystal balls and predict what the next year has set in store for the security industry. AI will dominate the cyber landscape in 2024 in ways few people can imagine. If they thought this year was bad, they ain’t seen nothing yet.”

Cybersecurity 142

Cybersecurity Phishing Scams Cloud Migration 142

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Penetration Testing

DECEMBER 16, 2024

Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.

Authentication 104

Authentication Cybersecurity 104

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. Bottom line: Prepare now based on risk.

Cybersecurity 139

Cybersecurity CISO Government Technology 139

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication 138

Authentication Passwords CISO Password Management 138

The Last Watchdog

SEPTEMBER 24, 2024

The data began leaking in April 2024, and by summer, it was being sold on the dark web for $3.5 About the essayist: Ambuj Kumar is Co-founder and CEO of Simbian , AI Agents for cybersecurity The post GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator first appeared on The Last Watchdog.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Penetration Testing

SEPTEMBER 6, 2024

IBM has issued a critical security advisory for its webMethods Integration Server, revealing multiple vulnerabilities that could allow authenticated users to execute arbitrary commands, escalate privileges, and access sensitive files....

Authentication 121

Authentication Cybersecurity 121

Penetration Testing

OCTOBER 3, 2024

A high-severity vulnerability, CVE-2024-9313 ((CVSS 8.8)), has been discovered in Authd, an authentication daemon used for secure identity and access management in Ubuntu machines.

Authentication 111

Authentication Cybersecurity 111

Penetration Testing

SEPTEMBER 5, 2024

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data.

Authentication 110

Authentication Cybersecurity 110

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Florian Hauser, cybersecurity researcher at CODE WHITE Gmbh, reported this vulnerability. impacting Veeam Backup & Replication (VBR).

Backups 130

Backups Ransomware VPN Authentication 130

Penetration Testing

DECEMBER 25, 2024

The Apache Software Foundation has disclosed a critical vulnerability, CVE-2024-43441, affecting Apache HugeGraph-Server, a widely used open-source graph database system.

Authentication 68

Authentication Software Cybersecurity 68

Penetration Testing

SEPTEMBER 17, 2024

The flaw, identified as CVE-2024-45409, carries a CVSS... The post GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability appeared first on Cybersecurity News.

Cybersecurity 130

Cybersecurity Authentication 130

The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Authentication 124

Authentication Passwords Malware Accountability 124

SecureWorld News

JULY 17, 2024

As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. Public safety: Coordinating between cybersecurity teams and physical security personnel will be crucial to address potential hybrid threats.

Cybersecurity 107

Cybersecurity Phishing Mobile Media 107

Penetration Testing

OCTOBER 28, 2024

Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

Authentication 98

Authentication Cybersecurity 98

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. A post about the Change breach from RansomHub on April 8, 2024.

Healthcare 283

Healthcare Insurance Computers and Electronics Data breaches 283

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024.

Cybersecurity 103

Cybersecurity DDOS Penetration Testing Passwords 103

Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7 reads the advisory.

Firewall 125

Firewall Authentication Accountability Risk 125

Centraleyes

DECEMBER 16, 2024

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Lets explore the top current cybersecurity trends this year. The challenge?

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Risk 98

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) reads the advisory.

Backups 130

Backups VPN Ransomware Authentication 130

Security Affairs

JANUARY 24, 2024

Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra’s GoAnywhere MFT (Managed File Transfer). Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT.

Authentication 134

Authentication Hacking Engineering Encryption 134

Penetration Testing

NOVEMBER 2, 2024

On October 30, 2024, Okta announced a critical security advisory addressing a vulnerability in its AD/LDAP Delegated Authentication (DelAuth) system.

Authentication 77

Authentication Cybersecurity 77

Security Affairs

MARCH 9, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds a JetBrains TeamCity vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-27198 (CVSS Score 9.8) CISA orders federal agencies to fix this vulnerability by March 28, 2024.

Authentication 136

Authentication Cybersecurity Hacking Risk 136

Security Affairs

JULY 1, 2024

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers.

Passwords 133

Passwords Accountability Authentication Internet 133

Penetration Testing

SEPTEMBER 5, 2024

A critical vulnerability, CVE-2024-7012, has been discovered in Foreman, a widely used open-source lifecycle management tool. This authentication bypass flaw, with a CVSS score of 9.8 (the

Authentication 93

Authentication Cybersecurity 93

Penetration Testing

OCTOBER 6, 2024

A serious vulnerability has been identified in the OATH-Toolkit’s PAM module, exposing systems to potential root-level exploits when handling one-time password (OTP) authentication.

Authentication 93

Authentication Passwords Cybersecurity 93

The Last Watchdog

SEPTEMBER 10, 2024

10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. Singapore, Sept.

Computers and Electronics 278

Computers and Electronics Encryption Government Authentication 278

Security Affairs

JUNE 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-26169 is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.

Firmware 130

Firmware Authentication Hacking Cybersecurity 130

SecureList

JUNE 25, 2024

Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise. Human error, often stemming from a lack of cybersecurity awareness, can lead to severe security breaches.

Cybersecurity 118

Cybersecurity Phishing Media Software 118

Penetration Testing

DECEMBER 18, 2024

Hitachi Vantara has disclosed a critical authentication bypass vulnerability (CVE-2024-10205) affecting its Infrastructure Analytics Advisor and Ops Center Analyzer.

Authentication 58

Authentication Cybersecurity 58