36 matches found
PT-2026-29542
Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...
CVE-2019-2183
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
EUVD-2018-5261
Malware in sbrugna...
EUVD-2019-11825
Malware in sbrugna...
EUVD-2025-23291
Malicious code in bioql PyPI...
Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
This module enables users to log in using a short access code instead of providing a username/password combination. The module doesn't sufficiently protect against brute force attacks to guess a user's access code. This vulnerability is mitigated by the fact that access code based logins are off ...
Hackers Hijack YouTube Channels to Target CS2 Fans with Fake Giveaways
Bitdefender warns CS2 fans of scams using hijacked YouTube channels, fake giveaways, and crypto fraud. Protect your Steam account and avoid phishing traps...
Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confidential data...
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral...
"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?
Privileged Access Management PAM solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the hars...
Wordfence WooCommerce 2FA: Set Up This New Feature To Protect Your Customers
On February 15, we made the exciting announcement that the latest release of Wordfence, version 7.9.0, includes a new feature: WooCommerce 2FA two-factor authentication for customer level users. What does this mean for you as an e-commerce store operator? And how can you start using this feature?...
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
Welcome to this weeks edition of the Threat Source newsletter. Social medias latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...
Webinar: Learn How to Comply with New Cyber Insurance Identity Security Requirements
Have you ever stopped to think about the potential consequences of a cyberattack on your organization? It's getting more intense and destructive every day, and organizations are feeling the heat. That's why more and more businesses are turning to cyber insurance to find some much-needed peace of...
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to...
accounts: Hash account number using Salt
@alovak found that currently when we build hash of account number we do not "salt" it. Which makes it vulnerable to rainbow table attack. What did you expect to see? I expected salt some random number from configuration to be used in hash.AccountNumber I would generate salt per tenant at least...
Gamers level up with rewards for better security
There was a time when stolen gaming accounts were almost treated as a fact of life. Console hacks weren’t taken particularly seriously. Security research in this area was occasionally derided as unimportant or trivial. Gaming accounts had an essence of innate disposability to them, even if this...
How Organizations Can Prevent Users from Using Breached Passwords
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security...
Google Android Information Disclosure Vulnerability (CNVD-2019-36404)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in Google Android 9 and 10. The vulnerability stems from an account protection bypass issue caused by cache...
CVE-2019-2183
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
UBUNTU-CVE-2019-2183
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...