881 matches found
Protecting user identities
This is a blog series that responds to common questions we receive from customers about the deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Cybersecurity threats: How ...
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
A vulnerability in Microsoft’s Active Directory Federation Services ADFS has been uncovered that would allow malicious actors to bypass multi-factor authentication MFA safeguards. Many organizations rely on ADFS to manage identities and resources across their entire enterprise, and ADFS functions...
Kubernetes Dashboard Public WAN (Internet) / Public LAN Accessible
The script checks if the Kubernetes Dashboard UI is accessible from a public WAN Internet / public LAN. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Mesosphere Marathon Web UI Public WAN (Internet) / Public LAN Accessible
The script checks if the Mesosphere Marathon Web UI is accessible from a public WAN Internet / public LAN. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Phabricator: Administrator can create user without entering high security mode
When an administrator wants to create a user, he can go to https://phabricator.example.com/people/create/ and will be required to enter his MFA token in order to enter high security mode. However, if an administrator goes to https://phabricator.example.com/people/new/standard/ he will bypass the...
Who is doing what on your network?
Over the past few months, while talking to customers, the topic of Zero Trust Architecture keeps coming up. Seemingly everyone is thinking of implementing the model - which we fully encourage! One of the core components of the principle is the ability to inspect and log all network and system...
Akamai and Duo have announced a technology partnership for Zero Trust
Akamai continues to build a zero trust ecosystem by integrating it's Enterprise Application Access EAA with Duo's Multi-Factor Authentication MFA solution. Duo now natively integrates into EAA and augments access with push-based MFA, phone call delivery of MFA tokens, and additional device level...
Working towards a more diverse future in security
Last year I embarked on an exercise to examine diversity in cybersecurity. As one full year has passed, I decided to revisit this topic and the ongoing challenges of recruiting AND retaining diverse talent in the cybersecurity field. This past year saw the MeToo movement in the spotlight, and whi...
CVE-2017-8978
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...
CVE-2017-8978
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...
Information disclosure
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...
CVE-2017-8978
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found...
August 16, 2017—KB4034661 (OS Build 14393.1613)
August 16, 2017—KB4034661 OS Build 14393.1613 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This package contains d3dcompiler47.dll; for more information, read the blog post,HLSL, FXC, a...
AWS Auditing & Hardening Tool: Zeus
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...
PingID MFA Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction: ------------- With PingID MFA,...
PingID MFA Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction:...
Uber: Stored XSS on any page in most Uber domains
Due to two IDOR vulnerabilities in Tealium, it was possible to compromise an administrator’s account and inject arbitrary Javascript into https://tags.tiqcdn.com/utag/uber/, which an attacker could leverage for a stored XSS attack on several Uber domains. Additionally, a Tealium user’s password a...
ŠKODA MFA Pro - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ŠKODA MFA Pro published at the 'play' market has multiple vulnerabilities...
mfa.gov.cy XSS vulnerability
Vulnerable URL: http://www.mfa.gov.cy/mfa/embassies/embassystockholm.nsf/indexen/indexen?OpenDocument="';--=GO Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 360672 Google Pagerank...
Security auditing tool for AWS: AWS Scout2
Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...