Lucene search

1378 matches found

RedHat Linux
added 2022/01/17 9:45 p.m. | 1 view

keycloak-server-spi-private: ECP SAML binding bypasses authentication flows

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVSS 6.8 | AI score 5.7 | EPSS 0.00874
Exploits 0 | References 5
RedHat Linux
added 2022/01/17 9:33 p.m. | 6 views

keycloak-server-spi-private: ECP SAML binding bypasses authentication flows

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVSS 6.8 | AI score 5.7 | EPSS 0.00874
Exploits 0 | References 5
RedHat Linux
added 2022/01/17 9:33 p.m. | 3 views

keycloak-server-spi-private: ECP SAML binding bypasses authentication flows

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVSS 6.8 | AI score 5.7 | EPSS 0.00874
Exploits 0 | References 5
CNVD
added 2022/01/14 12:00 a.m. | 19 views

IBM Security Verify encryption issue vulnerability

IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...

CVSS 7.5 | AI score 2.3 | EPSS 0.00665
Exploits 0 | References 1
CNVD
added 2022/01/14 12:00 a.m. | 22 views

IBM Security Verify Information Disclosure Vulnerability

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

CVSS 5 | AI score 2.7 | EPSS 0.00969
Exploits 0 | Affected Software 2
CNVD
added 2022/01/14 12:00 a.m. | 19 views

IBM Security Verify Information Disclosure Vulnerability (CNVD-2022-08045)

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

CVSS 4 | AI score 2.5 | EPSS 0.00935
Exploits 0 | Affected Software 2
Malwarebytes
added 2022/01/06 2:54 p.m. | 23 views

Hackers take over 1.1 million accounts by trying reused passwords

The New York State Office of the Attorney General has warned 17 companies that roughly 1.1 million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs into website login forms, in...

AI score 0.3
Exploits 0
ThreatPost
added 2021/12/29 7:13 p.m. | 39 views

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL;DR: Analysis of...

AI score 7.8
Exploits 0 | References 3
GitLab Advisory Database
added 2021/12/20 12:00 a.m. | 17 views

Improper Authentication

Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...

CVSS 10 | AI score 1.4 | EPSS 0.01868
Exploits 1 | References 4 | Affected Software 1
Krebs on Security
added 2021/12/16 5:52 p.m. | 27 views

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency...

AI score 6.8
Exploits 0
CISA
added 2021/12/09 12:00 a.m. | 14 views

CISA Releases Guidance on Protecting Organization-Run Social Media Accounts

CISA has released Capacity Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts—including accounts used by federal agencies—could spre...

AI score 6.8
Exploits 0 | References 2
ThreatPost
added 2021/12/07 1:24 p.m. | 30 views

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and...

AI score 8.1
Exploits 0 | References 12
Rapid7 Blog
added 2021/12/01 2:56 p.m. | 48 views

OWASP Top 10 Deep Dive: Identification and Authentication Failures

In the 2021 edition of the OWASP top 10 list, Broken Authentication was changed to Identification and Authentication Failures. This term bundles in a number of existing items like cryptography failures, session fixation, default login credentials, and brute-forcing access. Additionally, this...

AI score 7.4
Exploits 0
Malwarebytes
added 2021/11/25 4:20 p.m. | 29 views

Improving security for mobile devices: CISA issues guides

The Cybersecurity and Infrastructure Security Agency (CISA) has released two actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. Consumers: One of the guides is intended for consumers. There are an estimated 294 million smart phone users i...

AI score 7.1
Exploits 0
Imperva Blog
added 2021/11/22 3:20 p.m. | 26 views

Holiday “to-do list” for cybersecurity professionals working in eCommerce

The period from mid-November to the end of the year is always particularly stressful for cybersecurity professionals in the eCommerce space. It seems like every hacker and cyber criminal on earth is trying even harder to steal customers’ data or stop digital business operations. And the reason it...

AI score 7
Exploits 0
ICS
added 2021/11/19 12:00 p.m. | 100 views

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Summary: Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity. • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement multi-factor authentication. • Use strong, unique passwords. v...

CVSS 10 | AI score 9.9 | EPSS 0.99999
Exploits 39 | References 71
The Hacker News
added 2021/11/17 3:44 p.m. | 269 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

CVSS 10 | AI score 9.3 | EPSS 0.99999
Exploits 39
ThreatPost
added 2021/11/17 1:44 p.m. | 52 views

Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts

A recently discovered phishing scam tried to take over more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform. Researchers at cloud email security provider Abnormal Security...

AI score 7.6
Exploits 0 | References 8
The Hacker News
added 2021/11/16 5:38 a.m. | 20 views

SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on mobile devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to stri...

AI score 7.3
Exploits 0
Ivan 'd0znpp' Novikov
added 2021/11/12 9:12 a.m. | 22 views

What is multifactor authentication and its benefits

If you’re a professional dealing with API or system security, then multi-factor authentication won’t be an unfamiliar term. After all, it is the spine of system security. Used in multiple places and for various purposes, it is a real savior against online vulnerabilities for all of us. In this...

AI score 7.5
Exploits 0