1378 matches found
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizza...
What might authentication attacks look like in a phishing-resistant future?
By Thorsten Rosendahl and Tiago Pereira, with contributions from Matthew Miller. The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic concept of relying on usernames and passwords for authentication to enabling multi-factor...
Unable to login to Citrix Cloud - Error: "incorrect username, password or token"
Unable to login to Citrix Cloud to access virtualized app. The error message "incorrect username, password or token" is displayed. The process of setting up MFA works perfectly, but once Authenticator App is paired and actual login attempted, it always fails...
How to secure your business before going on vacation
For many, the summer months should be a time of peace: Maybe taking some vacation, maybe strolling across warm, soft sands as sapphire waves lap up against your feet, maybe even spending time with family that you like. But for determined cybercriminals, these periods of near-universal rest and...
Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the relea...
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations
"Dozens" of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to on...
Vulnerabilities fixed in Joomla!
Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting (XSS) attack, or to use brute forcing to gain access to a user's account and...
PT-2023-19179 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.2.0 through 4.3.1 Description: The issue is related to the lack of rate limiting, which allows brute force attacks against Multi-Factor Authentication (MFA) methods. MFA is a security process that requires a user to provide t...
PT-2023-19178 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.2.0 through 4.3.1 Description: The issue is caused by a lack of input validation, resulting in an open redirect and XSS issue within the new MFA selection screen. Recommendations: For Joomla! versions 4.2.0 through 4.3.1,...
Joomla! Security Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.2.0 through 4.3.1, which stems from a lack of rate limiting and allows brute force attacks on MFA methods...
CISA updates ransomware guidance
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. The StopRansomware guide is set up as a one-stop...
Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection
Are you concerned about ransomware attacks? You're not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there's good news - with the right security measures in place, such as real-time MFA and service account...
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP...
NTLMRecon - A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints
NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath AKA pwnfoo. NTLMRecon can be leveraged to perform brute forcing against a targeted webserver to identify common application endpoints supporting NTLM authentication. This includes endpoints such as the Exchan...
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral...
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40723
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...
CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV.
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...
PingID Adapter Cryptographic Issue Vulnerability
PingID Adapter is a middleware for authentication and access control from Ping Identity. A security vulnerability exists in PingID Adapter that stems from the vulnerability of offline MFA to pre-computed dictionary attacks, which can lead to offline MFA being bypassed...