1378 matches found

CVE
added 2022/04/15 6:50 p.m. · 114 views

CVE-2022-24857

CVE-2022-24857 affects django-mfa3 prior to 0.5.0 where the admin login view was not modified, allowing bypass of MFA for users with both django-mfa3 (

CVSS 8.8 · AI score 8 · EPSS 0.01068
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/04/15 6:50 p.m. · 27 views

CVE-2022-24857 Multi factor authentication bypass in django-mfa3

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 7.3 · AI score 8.7 · EPSS 0.01068
Exploits 0 · References 6
CNNVD
added 2022/04/15 12:0 a.m. · 33 views

django-mfa3 authorization issue vulnerability

django-mfa3 is a stubborn Django application that handles multi-factor authentication MFA via FIDO2, TOTP and recovery code. A security vulnerability exists in django-mfa3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

CVSS 8.8 · AI score 7.8 · EPSS 0.01068
Exploits 0 · References 5
Positive Technologies
added 2022/04/15 12:0 a.m. · 8 views

PT-2022-16931 · Django +1

Name of the Vulnerable Software and Affected Versions: django-mfa3 versions prior to 0.5.0 Description: The issue is related to a library that implements multi-factor authentication for the Django web framework. It modifies the regular login view but does not modify the second login view for the...

CVSS 8.8 · AI score 8.6 · EPSS 0.01068
Exploits 0 · References 10
Citrix
added 2022/04/07 12:0 a.m. · 8 views

AL 21.12: Office 365 users are prompted to login, use MFA, during every login

When a user logs off the VDI desktop then logs back in, opening any Office 365 app prompts for two-factor authentication login. This was not happening before the upgrade...

AI score 7.3
Exploits 0
ThreatPost
added 2022/03/30 5:14 p.m. · 165 views

Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments

Cyberattackers are targeting uninterruptible power supply UPS devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT...

AI score 9.2
Exploits 0 · References 3
The Hacker News
added 2022/03/30 6:3 a.m. · 19 views

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Department of Energy DoE are jointly warning of attacks against internet-connected uninterruptible power supply UPS devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS...

AI score 2.7
Exploits 0
hivepro
added 2022/03/25 10:18 a.m. · 9 views

LAPSUS$ – New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Lapsus$ DEV-0537 is an extortion threat group that first appeared on December 10, 2021, and has since breached the Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Okta, and Microsoft. Unlike other extortionis...

Exploits 0
Akamai Blog
added 2022/03/24 1:0 p.m. · 14 views

What's Driving Multi-Factor Authentication Adoption?

The need for businesses to deploy MFA for the protection of employee accounts has never been greater — according to the latest Verizon Data Breach report, nearly 80% of data breaches involve the use of stolen or compromised employee credentials and brute force logins...

AI score 7.1
Exploits 0
ICS
added 2022/03/24 12:0 p.m. · 24 views

Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...

AI score 9.5
Exploits 0 · References 183
Malwarebytes
added 2022/03/23 4:56 p.m. · 16 views

White House urges US businesses: Protect against potential Russian cyberattacks

On Monday, the White House told US business leaders to toughen up their cybersecurity defenses against a potential cyberattack from Russia. "The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in...

AI score 1.1
Exploits 0
The Hacker News
added 2022/03/22 12:51 p.m. · 22 views

U.S. Government Warns Companies of Potential Russian Cyber Attacks

The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month. "It's part of Russia's playbook," U.S. President Joe Biden said in a statement,...

AI score 1.4
Exploits 0
CNNVD
added 2022/03/18 12:0 a.m. · 6 views

Glewlwyd SSO server security vulnerability

Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...

CVSS 9.8 · AI score 8.6 · EPSS 0.01496
Exploits 0 · References 3
hivepro
added 2022/03/17 4:27 a.m. · 25 views

Russia under Attack from New RURansom Wiper

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A series of Wiper Malware attacks have been launched in the continuing cyber war between Russia and Ukraine. Researchers have discovered the RURansom wiper malware, which adds to the current collection of harmful malware. The...

AI score 1.6
Exploits 0
ThreatPost
added 2022/03/16 4:0 a.m. · 88 views

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand...

AI score 8.9
Exploits 0 · References 4
hivepro
added 2022/03/10 5:54 a.m. · 10 views

RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation FBI has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...

AI score 6.8
Exploits 0
Malwarebytes
added 2022/03/04 2:57 p.m. · 18 views

Tips to protect your data, security, and privacy from a hands-on expert

This post was authored by one of the most active helpers on the Malwarebytes forums who wishes to remain anonymous. Back in the early days of personal computing, perhaps one of the only real concerns was data loss from a drive failure. That risk still exists, but we all face many other threats...

AI score 7.3
Exploits 0
Talos Blog
added 2022/03/04 9:10 a.m. · 12 views

Threat Advisory: Cyclops Blink

Update Feb. 25, 2022: In our ongoing research into activity surrounding Ukraine and in cooperation with Cisco Duo data scientists Talos discovered compromised MikroTik routers inside of Ukraine being leveraged to conduct brute force attacks on devices protected by multi-factor authentication. This...

AI score 3.6
Exploits 0
Malwarebytes
added 2022/03/03 10:37 a.m. · 13 views

Four key cybersecurity practices during geopolitical upheaval

Russia’s continued invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war. Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomwa...

AI score 7
Exploits 0
ICS
added 2022/03/01 12:0 p.m. · 98 views

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

CVSS 10 · AI score 9.9 · EPSS 0.99999
Exploits 449 · References 104