Security Affairs

MARCH 8, 2024

The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network. CVE-2024-21900 : an injection vulnerability could allow authenticated users to execute commands via a network.

Authentication 335

Authentication IT Access Security 335

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. The attackers targeted accounts protected with basic authentication bypassing multi-factor authentication. The attackers used basic authentication methods. ” continues the report.

Passwords 298

Passwords Authentication Access Cybersecurity 298

Security Affairs

FEBRUARY 20, 2025

The company pointed out that only authenticated users with existing access to the NetScaler Console can exploit this vulnerability. “The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization. NetScaler Console 14.1

Authentication 293

Authentication Cloud Access Security 293

Security Affairs

MAY 29, 2024

The advisory published by the company states that the attacks targeted the endpoints supporting the cross-origin authentication feature, the attacks hit several customers. The identity and access management firm observed suspicious activity that started on April 15. ” reads advisory. ” reads advisory.

Authentication 311

Authentication IT Passwords Cloud 311

Security Affairs

JULY 4, 2024

Twilio states that threat actors have identified the phone numbers of users of its two-factor authentication app, Authy, TechCrunch reported. This week the messaging firm told TechCrunch that “threat actors” identified data of Authy users, a two-factor authentication app owned by Twilio, including their phone numbers.

Authentication 330

Authentication Phishing Communications Access 330

Security Affairs

JANUARY 19, 2025

The vulnerability allows authenticated attackers with Subscriber access to exploit a missing capability check, leading to information disclosure. It is installed on over one million WordPress sites, owners use this plugin to enhance user experience, boost SEO rankings, and reduce server load. ” reads the advisory published by WordPress.

Metadata 311

Metadata Authentication Consumer Services Cloud 311

Security Affairs

NOVEMBER 7, 2024

CVE-2024-51567 – is an incorrect default permissions vulnerability in CyberPanel (prior to patch 5b08cd6) that allows remote attackers to bypass authentication and execute arbitrary commands through /dataBases/upgrademysqlstatus by manipulating the statusfile property with shell metacharacters, bypassing secMiddleware.

IT 311

IT Authentication Cybersecurity Risk 311

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Overlapping indicators link these cases to prior Fog and Akira ransomware attacks.

IT 323

IT Ransomware Authentication Cybersecurity 323

Security Affairs

FEBRUARY 16, 2025

” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. Upon clicking the meeting invitation embedded in the message, recipients are prompted to authenticate using a threat actor-generated device code. ” continues the report.

Phishing 284

Phishing Authentication Access Government 284

Collaboration 2.0

APRIL 1, 2025

Two-factor authentication is a crucial security measure that requires an extra step for signing in to high-value services. Want to avoid having your online accounts hacked? Here's how to set up 2FA and which accounts to focus on.

Authentication 197

Authentication Security 197

Security Affairs

NOVEMBER 8, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 289

Authentication Cybersecurity Access Communications 289

Security Affairs

JANUARY 16, 2025

The botnet uses compromised MikroTik devices as SOCKS proxies, masking malicious traffic origins and enabling other actors to exploit them without authentication, amplifying its scale. The botnet’s SOCKS proxy setup enables access for hundreds of thousands of compromised machines. ” reads the report published by Infoblox.

File names 347

File names Authentication Access Archiving 347

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption 289

Encryption File names Phishing Passwords 289

Security Affairs

JANUARY 30, 2025

.” The researchers noted that the leak could have allowed attackers to take full control of the database and potentially escalate privileges within the DeepSeek environment, without any authentication. The experts used ClickHouses HTTP interface and accessed the /play path to execute arbitrary SQL queriesvia the browser.

Metadata 299

Metadata Authentication Access Passwords 299

Security Affairs

MARCH 13, 2025

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. . ” continues the analysis.

Authentication 168

Authentication Libraries Data breaches Security 168

Security Affairs

FEBRUARY 4, 2025

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability. The authentication bypass security vulnerability PSV-2021-0117 impacts the following product models: WAX206, the issue was fixed in firmware version 1.0.5.3 XR1000v2, the issue was fixed in firmware version 1.1.0.22

Authentication 269

Authentication Security IT Information Security 269

Security Affairs

JANUARY 31, 2025

In October 2024, VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked as CVE-2023-34051 , in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). is an authentication bypass vulnerability in VMware Aria Operations for Logs.

Authentication 264

Authentication Cloud Cybersecurity Access 264

Security Affairs

NOVEMBER 17, 2024

The Really Simple Security plugin, formerly Really Simple SSL, is a popular WordPress tool that enhances website security with features like login protection, vulnerability detection, and two-factor authentication. ” This vulnerability only impacts WordPress sites who have enabled “Two-Factor Authentication” in the plugin settings.

Security 183

Security Authentication Access IT 183

Security Affairs

OCTOBER 28, 2024

The correct IAM solution is that roof and can allow you to integrate: Policy configuration Multi-factor authentication (MFA) Single sign-on (SSO) And more, for all cloud and web-based apps. Integrations As you’re looking to expand your security influence, it helps to have things under one roof.

B2B 311

B2B Cybersecurity Risk Access 311

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 338

Data collection Authentication Access Cybersecurity 338

Security Affairs

JANUARY 24, 2025

The vulnerability is a Pre-authentication deserialization of untrusted data issue in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) that has been likely exploited in attacks in the wild as a zero-day. reads the advisory.

IT 241

IT Authentication Cybersecurity Access 241

Security Affairs

DECEMBER 19, 2024

.” The experts added that FortiWLM’s verbose logs expose session IDs, enabling attackers to exploit log file read vulnerabilities to hijack sessions and access authenticated endpoints. Authenticated users’ session ID tokens in FortiWLM remain static per device boot.

Authentication 260

Authentication Education Access IT 260

Security Affairs

JANUARY 15, 2025

Instead, only an HMAC (hash-based message authentication code) is logged in AWS CloudTrail. Even compute nodes outside the AWS cloud can make authenticated calls without long-term AWS credentials using the Roles Anywhere feature. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption 291

Encryption Ransomware Authentication Cloud 291

Security Affairs

FEBRUARY 6, 2025

A remote attacker authenticated with read-only administrative privileges could exploit the flaws to execute arbitrary commands on flawed devices. In a single-node deployment, new devices will not be able to authenticate during the reload time.” and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE).

IT 187

IT Authentication Information Security Security 187

Security Affairs

FEBRUARY 21, 2024

VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245 (CVSS score: 9.6).

Authentication 351

Authentication IT Ransomware Access 351

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. ” The vulnerability CVE-2024-1403 (CVSS score 10) is an authentication bypass issue that impacts OpenEdge versions 11.7.18 If a match occurs, authentication is granted.

Authentication 340

Authentication Passwords Libraries Access 340

Security Affairs

JANUARY 2, 2025

Clickjacking attacks trick users into unintended clicks, this practice has declined as modern browsers enforce “SameSite: Lax” cookies, blocking cross-site authentication. Attackers can exploit the technique to facilitate clickjacking attacks and account takeovers on almost all major websites.

Authentication 292

Authentication IT Security Access 292

Security Affairs

OCTOBER 11, 2024

Hunt also verified the authenticity of the information included in the stolen archive. Read more: [link] — Have I Been Pwned (@haveibeenpwned) October 9, 2024 Hunt noticed that most recent timestamp on the database records is September 28th, 2024, which is likely the date of the data exfiltration.

Archiving 300

Archiving Data breaches Passwords File names 300

Data Breach Today

FEBRUARY 17, 2025

Surge in Attack Attempts Spotted After Palo Alto Networks Details and Patches Flaw Attackers have stepped up efforts to exploit a vulnerability in the software that runs Palo Alto Networks firewall appliances that could give them direct access to the underlying software.

Authentication 213

Authentication Access 213

Security Affairs

SEPTEMBER 16, 2024

. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.” Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.”

Access 335

Access Authentication Security Information Security 335

Security Affairs

AUGUST 13, 2024

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts. “Successful exploitation could lead to authentication bypass and creation of an administrator user.”

Authentication 330

Authentication Access Security IT 330

Security Affairs

DECEMBER 28, 2023

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. For this reason, removing the XML RPC code did not completely patch the flaw.

Authentication 347

Authentication Libraries Passwords Information Security 347

Security Affairs

SEPTEMBER 11, 2024

could allow a remote authenticated attacker with admin privileges to execute arbitrary code on the core server. AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CWE-89 CVE-2024-8320 Missing authentication in Network Isolation of Ivanti EPM before {fix version} allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

Authentication 323

Authentication IT IoT Security 323