
1378 matches found

Schneier on Security
added 2023/02/01 12:8 p.m. · 13 views

Passwords Are Terrible (Surprising No One)

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior--including Password1234, Password1234!, and ChangeItN0w!--were weak enough to be cracked using standard methods, a recently published security audit of the...

1.3 AI score
Exploits 0
OSV
added 2023/01/26 9:18 p.m. · 5 views

CVE-2023-0463

The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk...

3.3 CVSS · 5.8 AI score · 0.00228 EPSS
Exploits 0 · References 1
The Hacker News
added 2023/01/25 7:43 a.m. · 46 views

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...

0.5 AI score
Exploits 0
The Hacker News
added 2023/01/25 7:43 a.m. · 3 views

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...

6.5 AI score
Exploits 0
Malwarebytes
added 2023/01/13 4:45 p.m. · 9 views

US Department of the Interior's passwords "easily cracked"

It's bad news for the US Department of the Interior--a Government watchdog's security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. The audit's wordy title was not kind: P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, La...

0.3 AI score
Exploits 0
ICS
added 2023/01/10 12:0 a.m. · 39 views

Siemens Mendix SAML Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.3 CVSS · 7.7 AI score · 0.0047 EPSS
Exploits 0 · References 11
OSV
added 2023/01/05 7:15 a.m. · 5 views

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConne...

6.5 CVSS · 5.8 AI score · 0.00368 EPSS
Exploits 0 · References 1
NVD
added 2023/01/05 7:15 a.m. · 19 views

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConne...

6.5 CVSS · 5.6 AI score · 0.00368 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/01/03 7:41 p.m. · 9 views

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConne...

4.8 CVSS · 7.3 AI score · 0.00368 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/12/23 12:0 a.m. · 3 views

PT-2022-28037 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is related to the allocation of resources without limits or throttling in the rdiffweb GitHub repository. Specifically, there is no rate limit on the "resend email feature" when enabling...

7.1 CVSS · 6.1 AI score · 0.00632 EPSS
Exploits 1 · References 10
Malwarebytes
added 2022/12/08 1:0 p.m. · 11 views

5 SaaS security best practices

Just about anywhere you look, organizations are relying on Software-as-a-Service (SaaS) apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to rea...

7 AI score
Exploits 0
The Hacker News
added 2022/12/06 11:0 a.m. · 72 views

Telecom and BPO Companies Under Attack by SIM Swapping Hackers

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping...

10 CVSS · 10 AI score · 0.99999 EPSS
Exploits 8
Imperva Blog
added 2022/11/29 12:8 p.m. · 22 views

The 5 Core Principles of the Zero-Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...

0.1 AI score
Exploits 0
NVD
added 2022/11/28 10:15 p.m. · 20 views

CVE-2022-38753

This update resolves a multi-factor authentication bypass attack...

6.3 CVSS · 0.00468 EPSS
Exploits 0 · References 1
OSV
added 2022/11/28 10:15 p.m. · 3 views

CVE-2022-38753

This update resolves a multi-factor authentication bypass attack...

6.3 CVSS · 5.8 AI score · 0.00468 EPSS
Exploits 0 · References 1
Prion
added 2022/11/28 10:15 p.m. · 10 views

Authentication flaw

This update resolves a multi-factor authentication bypass attack...

6.5 CVSS · 6.6 AI score · 0.00468 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/11/28 12:0 a.m. · 7 views

CVE-2022-38753

This update resolves a multi-factor authentication bypass attack...

7.2 AI score · 0.00468 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/11/28 12:0 a.m. · 3 views

PT-2022-24551 · Micro Focus · Netiq Advance Authentication

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue concerns a multi-factor authentication bypass attack. The estimated number of potentially affected devices worldwide is not available. There ...

6.3 CVSS · 6.5 AI score · 0.00468 EPSS
Exploits 0 · References 4
Cvelist
added 2022/11/28 12:0 a.m. · 19 views

CVE-2022-38753

This update resolves a multi-factor authentication bypass attack...

6.8 AI score · 0.00468 EPSS
Exploits 0 · References 1
ICS
added 2022/11/25 12:0 p.m. · 91 views

#StopRansomware: Hive Ransomware

Actions to Take Today to Mitigate Cyber Threats from Ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable and enforce multifactor authentication with strong passwords. 3. Close unused ports and remove any application not deemed necessary for day-to-day operations...

10 CVSS · 8.7 AI score · 0.99999 EPSS
Exploits 27 · References 54