CVE-2023-4612
CVE-2023-4612 is an Improper Authentication vulnerability in Apereo CAS via jakarta.servlet.http.HttpServletRequest.getRemoteAddr, enabling MFA bypass. Affected: Apereo CAS up to and including 7.0.0-RC7. Public patches are not available; the vendor does not treat it as a vulnerability. Related so...
PT-2023-29435 · Unknown · The Bastion
Name of the Vulnerable Software and Affected Versions: The Bastion versions prior to 3.14.15. Description: The Bastion provides authentication, authorization, traceability, and auditability for SSH accesses. However, the SCP and SFTP plugins do not honor group-based Just-In-Time (JIT) Multi-Factor...
Bastion Access Control Error Vulnerability
Bastion is a group of machines used as a single entry point for operational teams to securely connect to devices. An Access Control Error vulnerability exists in Bastion versions 3.0.0 through 3.14.0, which originates in MFA where a group or individual can force an SCP/SFTP connection through...
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...
What is Zero Trust Architecture (ZTA)?
Trust No One, Secure Everything: Unpacking Zero Trust Architecture In the ever-evolving landscape of cybersecurity, the traditional approach of building a robust wall around your network and trusting everything inside it is no longer sufficient. The rise of cloud computing, remote work, and mobil...
Ping Identity PingFederate Access Control Error Vulnerability
Ping Identity PingFederate is a flagship software-based federation server for identity management from Ping Identity in the United States. Ping Identity PingFederate suffers from a security vulnerability that stems from the use of the PingOne MFA Adapter to pair new MFA devices without the need for second-factor...
1Password Detects Suspicious Activity Following Okta Support Breach
Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. "We immediately terminated the activity, investigated, and found no compromise of user data ...
IT administrators’ passwords are awful too
The key is under the doormat by the front door. The administrator password is "admin". These are easy-to-remember clues when you are providing entrance to someone you trust. The problem is that they are also enormously easy to guess. It’s where we would expect an unwanted visitor to check first,...
3 crucial security steps people should do, but don't
Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it. In new research conducted by Malwarebytes, internet users across the United States and Canada admitted to dismal cybersecurity practices, failing to adopt some of the most basic defenses for staying safe...
Customer data stolen from gaming cloud host Shadow
Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Shadow is known in the gaming world and, among other things, allows gamers to play resource-heavy games on lower-end devices, T...
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and...
Peeling off QR Code Phishing Onion
Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...
A week in security (October 2 - October 8)
Last week on Malwarebytes Labs: Multi-factor authentication has proven it works, so what are we waiting for? Amazon Prime email scammer snatches defeat from the jaws of victory 2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions...
GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by...
EvilProxy Phishing Attack Targets Indeed Job Platform
Threat Level Attack Report. Summary: A new phishing campaign has emerged, specifically targeting high-profile US executives. This campaign takes advantage of open redirects from the jobs platform Indeed and employs EvilProxy to pilfer sessi...
Cisco Adaptive Security Appliance Software Remote Access VPN Unauthorized Access - Brute Force Attack (cisco-sa-asaftd-ravpn-auth-8LyfCkeC)
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations. This vulnerability is due to improper separation o...
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants:...
Xenomorph hunts cryptocurrency logins on Android
Cryptocurrency owners should take heed of warnings related to Xenomorph malware: Bleeping Computer reports that the most recent version of Xenomorph now targets various cryptocurrency wallets using fake browser update messaging as bait. Xenomorph is roughly a year old, first springing to prominen...
Jumpserver Authorization Issues Vulnerability
JumpServer is an open-source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an authorization issue vulnerability that stems from the fact that when a user enables MFA and authenticates with a public key, the Koko SSH server does not validate t...
PT-2023-7221 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.5.6; JumpServer versions prior to 3.6.5. Description: The issue is related to the Koko SSH server in JumpServer, an open-source bastion host. When users enable MFA and use a public key for authentication, the Koko...