938 matches found
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
GitLab has released patches to address a critical flaw impacting Community Edition CE and Enterprise Edition EE that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library CVE-2024-45409, CVSS score: 10.0, which could allow an attacker to log in as an...
New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram
A new Android malware called Trojan Ajina.Banker is targeting Central Asia - Discover how this malicious malware disguises…...
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023 with the goal of harvesting financial information and intercepting two-factor authentication 2FA messages. Singapore-headquartered Group-IB, which...
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can pu...
WordPress Mandates 2FA, SVN Passwords for Plugin, Theme Authors
Starting October 2024, WordPress requires plugin and theme authors to enable two-factor authentication 2FA and use SVN-specific passwords…...
New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing aka quishing campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...
Siemens SCALANCE M-800, RUGGEDCOM RM1224 Insertion of Sensitive Information Into Log File (CVE-2024-41978)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL- Router family All versions V8.1, SCALANCE M816-1...
GitLab: Login email verification bypass via `/oauth/token`.
Vulnerability description not provided...
CVE-2024-39398 OTP 2FA can be bruteforced
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...
CVE-2024-39398 OTP 2FA can be bruteforced
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...
CVE-2024-41978
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...
CVE-2024-41978
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...
CVE-2024-41978
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...
CVE-2024-41978
CVE-2024-41978 affects Siemens SCALANCE M-800 family and RUGGEDCOM RM1224 devices (and related models) where 2FA token generation data is logged. Root cause: insertion of sensitive information about 2FA token generation into log files on affected devices. Impact: authenticated remote attackers co...
Siemens SCALANCE M-800, RUGGEDCOM RM1224
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-41958
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
CVE-2024-41958
CVE-2024-41958 affects mailcow: dockerized. An authenticated attacker who has access to a user account and knows a target account’s credentials (with 2FA enabled) can bypass the 2FA protection and access the protected account. Affected: mailcow: dockerized (versions prior to 2024-07). Root cause:...
Advisory ROSA-SA-2024-2456
Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...