Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 139

Authentication Cybersecurity Risk Information Security 139

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 139

Hacking Passwords Authentication Accountability 139

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. Abdali Hospital provides care to patients in numerous specialties.

Ransomware 143

Ransomware Hacking Manufacturing Healthcare 143

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) Most of the Internet-facing devices are in South Korea, Hong Kong, the U.S.,

Hacking 143

Hacking Internet Internet Authentication 143

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The group relied on compromised credentials to authenticate to internal VPN access points. Energy China [link] TL;DR That's huuuge! Rhysida actors leverage external-facing remote services (e.g.

Ransomware 144

Ransomware Hacking Engineering Manufacturing 144

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Maiffret said BeyondTrust followed up with Okta on Oct. But she said that by Oct.

Social Engineering 329

Social Engineering Engineering Accountability Hacking 329

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware 143

Ransomware Hacking Manufacturing Healthcare 143

Security Affairs

NOVEMBER 21, 2024

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain administrator privileges.

Firewall 120

Firewall Hacking VPN Cybersecurity 120

Security Affairs

AUGUST 16, 2024

“The application fails to authenticate or verify a statically defined domain during retrieval of the application’s configuration file. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Android) ” continues the report.

Hacking 145

Hacking Firmware Mobile Penetration Testing 145

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 If a match occurs, authentication is granted.

Software 141

Software Authentication Passwords Engineering 141

Security Affairs

OCTOBER 17, 2024

The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately reported to VMware by Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) through the Trend Micro Zero Day Initiative (ZDI). “An authenticated SQL injection vulnerability in HCX was privately reported to VMware. and 4.10.1.

Authentication 138

Authentication Mobile Hacking Information Security 138

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 84

Firewall Hacking Malware Passwords 84

Security Affairs

DECEMBER 28, 2023

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Apache OFbiz)

Authentication 143

Authentication Passwords Hacking Software 143

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords 138

Passwords Accountability Authentication Hacking 138

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. Internet Archive Zendesk emails sent by the threat actor Source: BleepingComputer The message highlights a poor security posture by the Internet Archive.

Internet 135

Internet Internet Data breaches Authentication 135

Security Affairs

SEPTEMBER 16, 2024

. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.” Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.”

Authentication 140

Authentication Hacking Information Security 140

Security Affairs

OCTOBER 20, 2024

An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system. “An authenticated attacker may exploit this vulnerability by storing malicious HTML or JavaScript code in the BIG-IQ user interface.

Authentication 141

Authentication Hacking Technology Information Security 141

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Many people get hacked from having guessable or previously compromised passwords. Enable two-factor authentication on all critical accounts. Use unique, strong passwords, and store them in a password manager. Everything.

Risk 345

Risk Password Management Passwords Accountability 345

Security Affairs

DECEMBER 6, 2024

Cybersecurity and Infrastructure Security Agency (CISA)added the CyberPanelflaw CVE-2024-51378 (CVSS score: 10.0) Remote attackers could bypass authentication and execute arbitrary commands by exploiting a flaw in secMiddleware , which only validates POST requests. to its Known Exploited Vulnerabilities (KEV) catalog. and ftp/views.py.

DNS 116

DNS Authentication Ransomware Hacking 116

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. ” reads the advisory.

VPN 118

VPN Authentication Hacking Cybersecurity 118

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware 141

Ransomware Backups VPN Authentication 141

Security Affairs

JANUARY 16, 2024

The issue is a missing access control vulnerability that can be exploited by an authenticated attacker actor to gain unauthorized access to remote organizations and workflows. “An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.”

Authentication 140

Authentication Government Hacking Information Security 140

Security Affairs

JULY 10, 2024

An authenticated malicious user can exploit the flaw by entering specially crafted SQL queries and perform unauthorised read/write operations in the database. “An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.” ” read the advisory.

Authentication 140

Authentication Government Hacking Information Security 140

Security Affairs

MARCH 5, 2024

Below are the descriptions for these vulnerabilities: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue ( CWE-288 ) and has a CVSS base score of 9.8 ” reads the advisory published by JetBrains. ” reads the advisory published by JetBrains.

Software 141

Software Authentication Hacking Information Security 141

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. Roku also plans to refund unauthorized purchases and is implementing two-factor authentication (2FA) for all accounts.

Accountability 139

Accountability Passwords Data breaches Authentication 139

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN 143

VPN Firewall Authentication Hacking 143

Security Affairs

NOVEMBER 7, 2024

CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA )

Firewall 133

Firewall Authentication Accountability Risk 133

Security Affairs

SEPTEMBER 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 (CVSS score of 9.8)

Authentication 139

Authentication Software Internet Internet 139

Security Affairs

AUGUST 22, 2024

GitHub addressed three vulnerabilities in its GitHub Enterprise Server product, including a critical authentication flaw. GitHub addressed three security vulnerabilities impacting the GitHub Enterprise Server (GHES), including a critical flaw tracked as CVE-2024-6800 (CVSS score of 9.5).

Authentication 134

Authentication Hacking Accountability Information Security 134

Security Affairs

NOVEMBER 13, 2024

is a buffer overflow issue that an authenticated attacker could exploit. “Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.” is an improper input validation issue that can be exploited remotely without authentication.

Authentication 123

Authentication Mobile Hacking Information Security 123

Security Affairs

JANUARY 12, 2024

According to researchers, the leak revealed an authentication server with login details and information on Liquipedia’s users along with authentication details for Liquipedia admins. A part of the exposed information was contained in a user collection weighing 77MB, containing data on nearly 119,000 users.

Authentication 142

Authentication Media Accountability Encryption 142

Security Affairs

SEPTEMBER 18, 2024

To protect against attacks like Credential Flusher, it is essential to adopt a series of security measures: Use updated antivirus software: Ensure that your security software is always up to date to detect and block the latest threats. Always verify the authenticity of received communications.

Passwords 134

Passwords Identity Theft Education Authentication 134

Security Affairs

FEBRUARY 21, 2024

VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245 (CVSS score: 9.6).

Authentication 144

Authentication Ransomware Software Information Security 144

Security Affairs

MARCH 29, 2024

Securing Default Remote Access VPN Profiles when the default remote access VPN connection profiles/tunnel groups DefaultRAGroup a nd DefaultWEBVPNGroup are not used. Use Certificate-based authentication for RAVPN Using certificates for authentication because provide a more robust approach compared to the use of credentials.

Firewall 138

Firewall Passwords VPN Authentication 138

Security Affairs

JUNE 14, 2024

CVE-2024-4358 is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, Android Pixel)

Firmware 137

Firmware Authentication Hacking Cybersecurity 137

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Overlapping indicators link these cases to prior Fog and Akira ransomware attacks.

Backups 137

Backups VPN Ransomware Authentication 137

Security Affairs

MAY 26, 2024

. “A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.” ” reads the advisory.

Software 144

Software Authentication Hacking Information Security 144