Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android ap...
Involved in a data breach? Here’s what you need to know
If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. We've put together some tips which should help you when the more or less inevitable happens. 1. Check the company's advice Every breach is different, so check the...
Insecure Randomness
Amendment This was deemed not a vulnerability. Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted...
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for...
Malware Scanning: An Essential Layer of Website Security
Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention,...
Cisco Adaptive Security Appliance Software Remote Access VPN Unauthorized Access - Unauthorized Clientless SSL VPN Session Establishment (cisco-sa-asaftd-ravpn-auth-8LyfCkeC)
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization,...
SolarWinds Serv-U 15.4 < 15.4 HF2 Authentication Bypass
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4 HF2. It is, therefore, affected by a vulnerability as referenced in the serv-u154hf2 advisory. - A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass...
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
Authentication flaw
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
CVE-2023-40060
Summary: CVE-2023-40060 affects SolarWinds Serv-U 15.4 and 15.4 Hotfix 1, allowing an administrator-level attacker to bypass MFA/2FA. The issue was not fully resolved by 15.4 Hotfix 1. Affected software & cause: Serv-U FTP Server (15.4 and 15.4 Hotfix 1). The root cause is an authentication bypas...
PT-2023-27243 · Solarwinds · Serv-U
Name of the Vulnerable Software and Affected Versions: Serv-U versions 15.4 through 15.4 Hotfix 1 Description: A vulnerability has been identified that allows an actor to bypass multi-factor/two-factor authentication if exploited. The actor must have administrator-level access to Serv-U to perfor...
SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. An access control error vulnerability exists in versions of SolarWinds Serv-U FTP Server prior to 15.4 HF2, which stems from an attacker being able to bypass multi/two-factor...
Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confidential data...
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...
A firsthand perspective on the recent LinkedIn account takeover campaign
Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Pearce, reached out to me and told me he'd been a target of the campaign. His story begins with an SMS text from LinkedIn telling him to reset his password. He...
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023. In some...
Cisco VPNs without MFA are under attack by ransomware operator
The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for...
Unable to enter multi-factor authentication with Citrix DaaS Remote PowerShell SDK
After installing and running the Virtual Apps and Desktops Remote PowerShell SDK, explicit authentication is required using the Get-XdAuthentication cmdlet. After entering the username and password, the multi-factor authentication dialog is displayed, but the 6-digit OTP code input items are not...
Rapid7’s Mid-Year Threat Review
It will come as little surprise to most people that cyber threats in 2023 have been rather prolific. From widely exploited vulnerabilities to high-profile ransomware and extortion campaigns, the first half of the year has seen more than its fair share of large-scale incidents. Rapid7’s 2023...