Security Affairs

NOVEMBER 7, 2024

CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA )

Firewall 123

Firewall Authentication Accountability Risk 123

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 134

Data collection Authentication Government Hacking 134

Security Affairs

NOVEMBER 13, 2024

is a buffer overflow issue that an authenticated attacker could exploit. “Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.” is an improper input validation issue that can be exploited remotely without authentication.

Authentication 113

Authentication Mobile Hacking Information Security 113

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 74

Firewall Hacking Malware Passwords 74

Security Affairs

MAY 22, 2024

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES).

Authentication 134

Authentication Encryption Hacking Information Security 134

Security Affairs

DECEMBER 6, 2024

Cybersecurity and Infrastructure Security Agency (CISA)added the CyberPanelflaw CVE-2024-51378 (CVSS score: 10.0) Remote attackers could bypass authentication and execute arbitrary commands by exploiting a flaw in secMiddleware , which only validates POST requests. to its Known Exploited Vulnerabilities (KEV) catalog. and ftp/views.py.

DNS 108

DNS Authentication Ransomware Hacking 108

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Overlapping indicators link these cases to prior Fog and Akira ransomware attacks.

Backups 128

Backups VPN Ransomware Authentication 128

Security Affairs

FEBRUARY 16, 2025

” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. Upon clicking the meeting invitation embedded in the message, recipients are prompted to authenticate using a threat actor-generated device code. ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. ” reads the advisory.

VPN 110

VPN Authentication Hacking Cybersecurity 110

Security Affairs

MARCH 18, 2025

The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0

Authentication 113

Authentication Ransomware Firewall Hacking 113

Security Affairs

JANUARY 8, 2025

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, SonicOS)

Firewall 113

Firewall Firmware VPN Authentication 113

Security Affairs

DECEMBER 11, 2024

Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. ” reads the advisory published by the company.

Authentication 104

Authentication Software Hacking Information Security 104

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. Hunt will add the information of the impacted users to HIBP very soon. Hunt also verified the authenticity of the information included in the stolen archive.

Data breaches 119

Data breaches Internet Internet DDOS 119

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication.

Backups 128

Backups Authentication Accountability Software 128

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

NOVEMBER 8, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, RCE)

Firewall 115

Firewall Authentication Internet Internet 115

Security Affairs

FEBRUARY 19, 2025

The vulnerability CVE-2025-0111 is a file read issue in PAN-OS, an authenticated attacker with network access to the management web interface could exploit the flaw to read files that are readable by the “nobody” user. Palo Alto Networks addressed the flaw CVE-2025-0111 on February 12, 2025.

Firewall 104

Firewall Authentication Architecture Internet 104

Security Affairs

JANUARY 16, 2025

Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, MikroTik botnet)

DNS 138

DNS Malware Firmware Authentication 138

Security Affairs

JANUARY 30, 2025

.” The researchers noted that the leak could have allowed attackers to take full control of the database and potentially escalate privileges within the DeepSeek environment, without any authentication. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, DeepSeek )

Authentication 119

Authentication Passwords Hacking Risk 119

Security Affairs

MARCH 8, 2024

The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network. CVE-2024-21900 : an injection vulnerability could allow authenticated users to execute commands via a network. x QTS 5.1.3.2578 build 20231110 and later QTS 4.5.x

Authentication 133

Authentication Hacking Internet Internet 133

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication 128

Authentication Firmware VPN Manufacturing 128

Security Affairs

FEBRUARY 4, 2025

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability. The unauthenticated RCE security vulnerability PSV-2023-0039 impacts the following product models: XR1000, the issue was fixed in firmware version 1.0.0.74 XR1000v2, the issue was fixed in firmware version 1.1.0.22

Firmware 107

Firmware Authentication Hacking Information Security 107

Security Affairs

FEBRUARY 15, 2025

. “Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted andtake immediate steps to secure them.“ An unauthenticated attacker on the network couple exploit the vulnerability to bypass authentication and invoke certain PHP scripts. ” reads the report published by Assetnote.

Firewall 101

Firewall Authentication Architecture Risk 101

Security Affairs

FEBRUARY 19, 2025

The second vulnerability, tracked CVE-2025-26466 (CVSS score: 5.9), affects both the OpenSSH client and server, allowing a pre-authentication denial-of-service attack. ” The OpenSSH client and server are vulnerable (CVE-2025-26466) to a pre-authentication denial-of-service (DoS) attack.

Authentication 120

Authentication System Administration DNS Hacking 120

Security Affairs

FEBRUARY 18, 2025

Juniper Networks addressed a critical authentication bypass vulnerability, tracked as CVE-2025-21589 (CVSS score of 9.8), affecting its Session Smart Router product. The company discovered the vulnerability during internal product security testing or research. ” reads the advisory.

Authentication 85

Authentication Hacking Information Security 85

SecureWorld News

DECEMBER 12, 2024

The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised. The Krispy Kreme hack is a sobering reminder that no industry is immune to cyber threats.

Password Management 108

Password Management Passwords CISO Cybersecurity 108

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. .

Phishing 111

Phishing Accountability Authentication Advertising 111

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 108

Cryptocurrency Hacking Phishing Cyber Attacks 108

Security Affairs

MAY 29, 2024

The advisory published by the company states that the attacks targeted the endpoints supporting the cross-origin authentication feature, the attacks hit several customers. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Okta) ” reads advisory.

Authentication 123

Authentication Accountability Passwords Data breaches 123

Security Affairs

JANUARY 31, 2025

In October 2024, VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked as CVE-2023-34051 , in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). is an authentication bypass vulnerability in VMware Aria Operations for Logs.

Authentication 105

Authentication Hacking Cybersecurity Information Security 105

Security Affairs

DECEMBER 19, 2024

.” The experts added that FortiWLM’s verbose logs expose session IDs, enabling attackers to exploit log file read vulnerabilities to hijack sessions and access authenticated endpoints. Authenticated users’ session ID tokens in FortiWLM remain static per device boot. ” concludes the report.

Wireless 104

Wireless Authentication Healthcare Education 104

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 132

Hacking Government Marketing Spyware 132

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 131

Hacking Passwords Authentication Accountability 131

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft 123

Identity Theft Passwords Malware Banking 123

Security Affairs

MARCH 18, 2025

It should be noted that this vulnerability can be triggered without the need for authentication and is therefore more harmful.” “Security teams often prioritize patching only critical and high-severity vulnerabilities. ” reads the original disclosure. “The vulnerable code is located in the pictureproxy.php file.

Government 126

Government Healthcare Authentication Hacking 126

Security Affairs

FEBRUARY 3, 2025

Google as usual did not share details about the attacks exploiting the above vulnerability, The vulnerability is a privilege escalation security flaw in the Kernel’s USB Video Class driver. An authenticated local attacker could exploit the flaw to elevate privileges in low-complexity attacks. ” reads the advisory.

Media 113

Media Authentication Hacking Accountability 113

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 115

Encryption Password Management Cryptocurrency Social Engineering 115