Lucene search
+L

258 matches found

CVE
CVE
added 2024/10/09 2:47 p.m.51 views

CVE-2024-7292

Progress Telerik Report Server up to version 10.2.24.709 (pre-2024 Q3) is affected by CVE-2024-7292 due to improper restriction of excessive login attempts, enabling credential stuffing and potential unauthorized access. The issue is reported for versions prior to 2024 Q3 (10.2.24.806). The docum...

8.8CVSS7.7AI score0.00315EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/09 2:47 p.m.12 views

CVE-2024-7292 Account Controller allows high count of login attempts

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

7.5CVSS7AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/09 2:47 p.m.42 views

CVE-2024-7292 Account Controller allows high count of login attempts

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

7.5CVSS0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.10 views

PT-2024-38241 · Progress · Progress Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806 Description: A credential stuffing attack is possible through improper restriction of excessive login attempts. This issue allows attackers to attempt multiple logins...

8.8CVSS7.3AI score0.00315EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2024/10/07 11:25 a.m.25 views

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs Application Programming Interfaces and automated abuse by bots. That's according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these securi...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/10/03 12:6 p.m.12 views

Radiology provider exposed tens of thousands of patient files

An anonymous person has disclosed that they gained online access to a radiologist's platform that hosted patient information using stolen credentials. I-MED Radiology is Australia’s leading medical imaging provider. Their clinics offer a range of imaging procedures including MRI, CT, x-ray,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/26 1:0 p.m.28 views

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated email infrastructure is otherwise used for legitimate purposes, which makes blocking these messages...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/16 11:33 a.m.18 views

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/13 11:17 a.m.17 views

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials Verizon DBIR, 2024. Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market toda...

7.9AI score
Exploits0
NVD
NVD
added 2024/07/30 3:15 p.m.19 views

CVE-2024-4188

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4...

7.1CVSS0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/30 2:35 p.m.25 views

CVE-2024-4188 Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4...

7.1CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/30 2:35 p.m.13 views

CVE-2024-4188 Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4...

7.1CVSS7AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-29610 · Opentext · Opentext Documentum Server

Name of the Vulnerable Software and Affected Versions: OpenText Documentum Server versions 16.7 through 23.4 Description: The issue is related to an Unprotected Transport of Credentials vulnerability in OpenText Documentum Server, which could allow Credential Stuffing. Recommendations: For versio...

7.1CVSS7.1AI score0.00154EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2024/06/12 11:25 a.m.15 views

Lessons from the Snowflake Breaches

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/11 11:38 a.m.24 views

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminal...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/30 6:52 a.m.12 views

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud CIC is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/05/23 4:22 a.m.41 views

Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024

In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/05/17 11:33 p.m.32 views

The Importance of Bot Management in Your Marketing Strategy

Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/28 1:52 p.m.83 views

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management IAM services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential pro...

6.8AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2024/03/25 6:44 p.m.21 views

Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks

All industries are at risk of credential stuffing and account takeover ATO attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...

6.9AI score
Exploits0
Rows per page
Query Builder