Lucene search
K

881 matches found

Microsoft Secure
Microsoft Secure
added 2018/09/04 9:20 p.m.58 views

Protecting user identities

This is a blog series that responds to common questions we receive from customers about the deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Cybersecurity threats: How ...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2018/08/14 5:9 p.m.36 views

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

A vulnerability in Microsoft’s Active Directory Federation Services ADFS has been uncovered that would allow malicious actors to bypass multi-factor authentication MFA safeguards. Many organizations rely on ADFS to manage identities and resources across their entire enterprise, and ADFS functions...

4.3CVSS0.5AI score0.07584EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2018/07/20 12:0 a.m.24 views

Kubernetes Dashboard Public WAN (Internet) / Public LAN Accessible

The script checks if the Kubernetes Dashboard UI is accessible from a public WAN Internet / public LAN. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/07/20 12:0 a.m.18 views

Mesosphere Marathon Web UI Public WAN (Internet) / Public LAN Accessible

The script checks if the Mesosphere Marathon Web UI is accessible from a public WAN Internet / public LAN. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.2AI score
Exploits0References1
Hacker One
Hacker One
added 2018/05/14 9:56 a.m.21 views

Phabricator: Administrator can create user without entering high security mode

When an administrator wants to create a user, he can go to https://phabricator.example.com/people/create/ and will be required to enter his MFA token in order to enter high security mode. However, if an administrator goes to https://phabricator.example.com/people/new/standard/ he will bypass the...

0.9AI score
Exploits0
Akamai Blog
Akamai Blog
added 2018/04/25 7:49 p.m.36 views

Who is doing what on your network?

Over the past few months, while talking to customers, the topic of Zero Trust Architecture keeps coming up. Seemingly everyone is thinking of implementing the model - which we fully encourage! One of the core components of the principle is the ability to inspect and log all network and system...

7.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2018/04/13 1:0 p.m.30 views

Akamai and Duo have announced a technology partnership for Zero Trust

Akamai continues to build a zero trust ecosystem by integrating it's Enterprise Application Access EAA with Duo's Multi-Factor Authentication MFA solution. Duo now natively integrates into EAA and augments access with push-based MFA, phone call delivery of MFA tokens, and additional device level...

2.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2018/03/28 4:0 p.m.53 views

Working towards a more diverse future in security

Last year I embarked on an exercise to examine diversity in cybersecurity. As one full year has passed, I decided to revisit this topic and the ongoing challenges of recruiting AND retaining diverse talent in the cybersecurity field. This past year saw the MeToo movement in the spotlight, and whi...

6.7AI score
Exploits0
NVD
NVD
added 2018/02/15 10:29 p.m.16 views

CVE-2017-8978

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...

4.9CVSS4.8AI score0.00569EPSS
Exploits0References1
OSV
OSV
added 2018/02/15 10:29 p.m.3 views

CVE-2017-8978

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...

4.6CVSS5.8AI score0.00569EPSS
Exploits0References1
Prion
Prion
added 2018/02/15 10:29 p.m.13 views

Information disclosure

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...

4.9CVSS4.9AI score0.00569EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2018/02/15 10:0 p.m.17 views

CVE-2017-8978

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...

4.8AI score0.00569EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2017/10/16 12:0 a.m.31 views

August 16, 2017—KB4034661 (OS Build 14393.1613)

August 16, 2017—KB4034661 OS Build 14393.1613 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This package contains d3dcompiler47.dll; for more information, read the blog post,HLSL, FXC, a...

7.6AI score
Exploits0
n0where
n0where
added 2017/07/03 4:25 p.m.20 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

0.1AI score
Exploits0References1
0day.today
0day.today
added 2017/05/19 12:0 a.m.114 views

PingID MFA Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction: ------------- With PingID MFA,...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/17 12:0 a.m.64 views

PingID MFA Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction:...

Exploits0
Hacker One
Hacker One
added 2017/04/01 11:18 p.m.29 views

Uber: Stored XSS on any page in most Uber domains

Due to two IDOR vulnerabilities in Tealium, it was possible to compromise an administrator’s account and inject arbitrary Javascript into https://tags.tiqcdn.com/utag/uber/, which an attacker could leverage for a stored XSS attack on several Uber domains. Additionally, a Tealium user’s password a...

0.7AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:32 a.m.5 views

ŠKODA MFA Pro - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application ŠKODA MFA Pro published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2015/11/17 5:11 p.m.15 views

mfa.gov.cy XSS vulnerability

Vulnerable URL: http://www.mfa.gov.cy/mfa/embassies/embassystockholm.nsf/indexen/indexen?OpenDocument="';--=GO Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 360672 Google Pagerank...

6.3AI score
Exploits0
n0where
n0where
added 2015/01/19 7:53 a.m.17 views

Security auditing tool for AWS: AWS Scout2

Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...

0.9AI score
Exploits0References1
Rows per page
Query Builder