1378 matches found

Positive Technologies
added 2023/04/25 12:0 a.m. · 7 views

PT-2023-13898 · Ping Identity · Pingid Radius Pcv Adapter

Name of the Vulnerable Software and Affected Versions: PingID RADIUS PCV adapter for PingFederate affected versions not specified Description: The issue concerns a bypass of multi-factor authentication (MFA) under certain configurations. It affects the PingID RADIUS PCV adapter for PingFederate,...

6.5 CVSS · 6.6 AI score · 0.00517 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2023/04/05 11:0 p.m. · 3 views

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

6.3 CVSS · 5.9 AI score · 0.00247 EPSS
Exploits: 0 · References: 2
Trellix
added 2023/04/05 12:0 a.m. · 16 views

Genesis Market No Longer Feeds The Evil Cookie Monster

Genesis Market No Longer Feeds The Evil Cookie Monster By John Fokker, Ernesto Fernández Provecho and Max Kersten · April 05, 2023 We would like to thank Steen Pedersen and Mo Cashman for their remediation advice. On the 4th and the 5th of April, a law enforcement taskforce spanning agencies acro...

7.6 AI score
Exploits: 0
Trellix
added 2023/04/05 12:0 a.m. · 15 views

Genesis Market No Longer Feeds The Evil Cookie Monster

Genesis Market No Longer Feeds The Evil Cookie Monster By John Fokker and Ernesto Fernández Provecho · April 05, 2023 This blog was also written by Max Kersten We would like to thank Steen Pedersen and Mo Cashman for their remediation advice. On the 4th and the 5th of April, a law enforcement...

7.5 AI score
Exploits: 0
The Hacker News
added 2023/03/27 10:56 a.m. · 45 views

Where SSO Falls Short in Protecting SaaS

Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be furth...

6.4 AI score
Exploits: 0
OSV
added 2023/03/23 7:27 p.m. · 18 views

CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.7 CVSS · 8 AI score · 0.0046 EPSS
Exploits: 0 · References: 6
OSV
added 2023/03/23 2:15 a.m. · 7 views

CVE-2023-23192

IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task...

7.2 CVSS · 7.1 AI score · 0.01476 EPSS
Exploits: 1 · References: 2
The Hacker News
added 2023/03/10 12:56 p.m. · 4 views

When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About

Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be le...

7.2 AI score
Exploits: 0
The Hacker News
added 2023/03/10 12:56 p.m. · 28 views

When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About

Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be le...

0.2 AI score
Exploits: 0
CNNVD
added 2023/03/02 12:0 a.m. · 3 views

SonicWALL SonicOS security vulnerability

SonicWALL SonicOS is a suite of operating systems from SonicWALL, Inc. designed for SonicWall firewall appliances. A security vulnerability exists in SonicWALL SonicOS SSLVPN that stems from an improper restriction of too many MFA attempts, allowing an authenticated attacker to use too much MFA...

8.8 CVSS · 6.3 AI score · 0.00684 EPSS
Exploits: 0 · References: 2
Malwarebytes
added 2023/03/01 1:45 a.m. · 12 views

LastPass was undone by an attack on a remote employee

Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individuals responsible for the attack also compromis...

0.1 AI score
Exploits: 0
Talos Blog
added 2023/02/23 7:0 p.m. · 46 views

Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature

Welcome to this week's edition of the Threat Source newsletter. Social media's latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...

8.3 AI score · 0.99999 EPSS
Exploits: 12
Positive Technologies
added 2023/02/22 12:0 a.m. · 7 views

PT-2023-19397 · H3C · H3C A210-G

Name of the Vulnerable Software and Affected Versions: H3C A210-G version A210-GV100R005 Description: The issue is related to access control, allowing attackers to authenticate without a password. Recommendations: For H3C A210-G version A210-GV100R005, consider restricting access to the device...

9.8 CVSS · 9.4 AI score · 0.00787 EPSS
Exploits: 1 · References: 2
The Hacker News
added 2023/02/21 10:13 a.m. · 40 views

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The company said its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information."...

0.8 AI score
Exploits: 0
Ivanti
added 2023/02/14 7:22 a.m. · 8 views

SA44399 - 2020-03: Out-of-Cycle Advisory: Pulse Secure recommendations for Enterprise VPN Security (AA20-073A)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Many organizations are switching to alternate workplace options for employees in response to the rapidly spreading Novel Coronavirus COVID-19. Malicious cyber actors will inevitably...

7.4 AI score
Exploits: 0
Ivanti
added 2023/02/14 7:22 a.m. · 8 views

SA44574 - 2020-08: Out-of-Cycle Advisory: FBI and NSA Expose New Linux Malware Drovorub

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The United States National Security Agency and Federal Bureau of Investigation have released a Cybersecurity Advisory regarding the Drovorub malware. Drovorub is Linux malware that...

7.9 AI score
Exploits: 0
The Hacker News
added 2023/02/09 1:11 p.m. · 2 views

Webinar: Learn How to Comply with New Cyber Insurance Identity Security Requirements

Have you ever stopped to think about the potential consequences of a cyberattack on your organization? It's getting more intense and destructive every day, and organizations are feeling the heat. That's why more and more businesses are turning to cyber insurance to find some much-needed peace of...

6.6 AI score
Exploits: 0
The Hacker News
added 2023/02/07 12:47 p.m. · 3 views

Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy. Ransomware attacks were up 80% last year, prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem t...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/02/07 12:47 p.m. · 24 views

Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy. Ransomware attacks were up 80% last year, prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem t...

0.9 AI score
Exploits: 0
Malwarebytes
added 2023/02/03 3:0 p.m. · 22 views

The rise of multi-threat ransomware

Today we have a ten minute YouTube expedition into the murky world of ransomware. In the video, "The rise of multi-threat ransomware" embedded below, I cover a couple of key talking points that always seem to come up in conversation. Single, double, triple? The video covers how ransomware made th...

0.2 AI score
Exploits: 0