PT-2025-46914

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus allows authenticated users to search concealed or sensitive fields when they have read permissions. While the actual values are masked, successful matches can be detected through returned...

Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords

Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and...

CSO perspective: Why a strong IAM strategy is key to an organization’s cybersecurity approach

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Alissa “Dr. Jay”...

CSO perspective: Why a strong IAM strategy is key to an organization’s cybersecurity approach

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Alissa “Dr. Jay”...

Half-Billion Compromised Credentials Lurking on Open Cloud Server

According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by. The credentials were a mixed bag in terms of...

Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission SEC that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...

Unspecified Vulnerability in Fortinet FortiSIEM Windows Agent

Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and earlier, which can be exploited by an attacker to obtain compromised agent...

Is it still a good idea to require users to change their passwords?

For as long as corporate IT has been in existence, users have been required to change their passwords periodically. In fact, the need for scheduled password changes may be one of the most long-standing of all IT best practices. Recently, however, things have started to change. Microsoft has...

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

Google’s latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes – including a critical bug – and a feature that checks if users have any compromised passwords. As of Tuesday, Chrome 86 is being promoted to the stable channel for Windows, Mac and Linux and will ro...

Have I Been Pwned No Longer For Sale

After announcing last year that he was looking to sell Have I Been Pwned HIPB, Troy Hunt said this week that the popular service has been pulled off the market and will instead continue to be run independently. HIBP offers a free service for consumers to check if their usernames and passwords hav...

Google Adds Password Checkup Feature to Chrome Browser

Google will soon alert Chrome browser users of weak or compromised passwords. The checks will be in real time as Chrome users visit a password protected website. Bad passwords will trigger a red dialogue box alerting users to take action to better protect their account. The move integrates a...

Troy Hunt Looks to Sell Have I Been Pwned

Citing overwhelming demands on his time, Troy Hunt is looking for a buyer for his site, Have I Been Pwned HIBP. HIBP offers a free service for consumers wanting to know if their user names and passwords have been compromised in a data breach; it also offers commercial services that include alerts...

A week in security (February 18 – 24)

Last week on Malwarebytes Labs, we explored the world of crack hunting, gave you a 101 on the world of bots and their threats and advantages, and took a look at some clever phishing scams. We also explained how a Mac fends off malware, posted a handy “lazy person's guide to cybersecurity,” and du...

Opera server breach incident

News Opera server breach incident Share August 26th, 2016 Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...

St. Louis Federal Reserve Falls Victim to DNS Hijack

The St. Louis Federal Reserve Bank confirmed this week that it fell victim to a DNS hijack last month. The attack may have redirected users to bogus webpages and for a period of time exposed customers to phishing, malware and other attacks that potentially could have duped users into giving away...

Tor-Based Dark Web Email Service Targeted by Government Spies

The administrator of the popular Darknet email service, SIGAINT, is warning its users that the email service has become a target of a suspected law enforcement agency who tried to compromise it. About a week ago, SIGAINT has been targeted by an attacker who tried to hack the service by using near...

LinkedIn was not Hacked, suffered outage due to DNS issue

The LinkedIn became inaccessible for an hour last night. Few Hours before App.net co-founder Bryan Berg posted that LinkedIn DNS was hijacked but later LinkedIn confirmed that they suffered outage due to DNS issue, not Hack. DNS Hijacking is an unauthorized modification of a DNS server or change ...

LinkedIn Confirms Millions of Account Passwords Hacked

LinkedIn Confirms Millions of Account Passwords Hacked LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norweigan IT website Dagens IT first reported the breach, noting that "Two days ago a package on the 6.5 million...

XBox Security Chief Says Account Hacks Linked To Phishing, Resale Schemes

In a pattern that is becoming more common, hackers are hijacking XBox Live accounts, then tricking them out with expansion modules and other add-ons before trying to resell them to unwitting third parties. Recent XBox Live account hijacks are most likely the product of phishing and identity theft...

Linux.com down again due to Security Breach

Linux.com down again due to Security Breach Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack...