Lucene search
K

1378 matches found

ThreatPost
ThreatPost
added 2022/08/29 2:56 p.m.146 views

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus...

7.4AI score
Exploits0References4
Malwarebytes
Malwarebytes
added 2022/08/26 10:0 a.m.10 views

Source code of password manager LastPass stolen by attacker

In a security incident notice from LastPass the company informed the public know that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...

Exploits0
CNNVD
CNNVD
added 2022/08/26 12:0 a.m.2 views

Broadcom Symantec Privileged Access Management 安全漏洞

Broadcom Symantec Privileged Access Management is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and logging privileged user...

8.8CVSS6.7AI score0.00728EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/08/25 2:49 p.m.63 views

Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/25 11:45 a.m.20 views

Man-in-the-Middle Phishing Attack

Heres a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/24 9:29 a.m.43 views

Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users

The threat actors behind a large-scale adversary-in-the-middle AiTM phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organization...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/18 4:26 p.m.19 views

The Five Principles of a Zero Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/17 4:46 a.m.46 views

RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers

RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication MFA for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/11 1:2 p.m.12 views

Cybersecurity and PR: Making Data Protection Public

The customer cares Customers regularly see news about privacy and hacking, and they want to know that it’s safe for them to give over their personal data. A lack of trust in an eCommerce site is a leading reason why potential customers abandon their shopping carts. Consumers have no shortage of...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/11 10:10 a.m.33 views

What the Zola Hack Can Teach Us About Password Security

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was th...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/10 8:0 a.m.28 views

5 cybersecurity tips for students going back to school

The new school season is just around the corner. And while you are getting ready to go back to school, now is a good opportunity to check you are doing all you can to stay as safe as possible online. Make sure you are doing these five things: 1. Use multi-factor authentication MFA MFA has become ...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/08/06 5:53 p.m.20 views

Previously created sessions continue being valid after MFA activation [namelessmc.com]

Description 1. Hello Team I found one issue related to your 2FA system on https://namelessmc.com/user/settings/?do=enabletfa&s=2 Vulnerability Type: 1. Improper Access Control - Generic STEP TO REPRODUCE: 1. 1- access the same account on https://namelessmc.com/ in two devices 2. 2- on device 'A' ...

6.4CVSS0.5AI score0.00594EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2022/08/03 9:3 a.m.58 views

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

A new, large-scale phishing campaign has been observed using adversary-in-the-middle AitM techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle AitM attack technique capable of bypassing multi-factor authentication," Zscaler...

7.1AI score
Exploits0
CISA
CISA
added 2022/08/02 12:0 a.m.20 views

CISA and ACSC Release Top 2021 Malware Strains

CISA and the Australian Cyber Security Centre ACSC have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been...

1AI score
Exploits0References5
The Hacker News
The Hacker News
added 2022/07/13 10:26 a.m.50 views

Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication MFA. "The attackers then used the stolen credentials and session...

6.8AI score
Exploits0
CNVD
CNVD
added 2022/07/11 12:0 a.m.17 views

IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2022-87651)

IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...

5.4CVSS2AI score0.004EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.4 views

The vulnerability of the PingID software for multi-factor authentication of applications in Windows systems allows a perpetrator to trigger a service failure due to improper resource cleaning or release.

The vulnerability of the MFA Multi-Factor Authentication PingID software for Windows is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a attacker to cause service failures...

5CVSS5.9AI score0.00232EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.4 views

The vulnerability of the PingID software for multi-factor authentication of applications involves improper use of privileged APIs, allowing an attacker to escalate their privileges.

The vulnerability of the PingID software for multi-factor authentication of applications relates to the improper use of privileged APIs. Exploiting this vulnerability could allow an attacker to enhance their privileges...

7.2CVSS7.5AI score0.00242EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2022/06/28 1:5 p.m.96 views

Top Six Security Bad Habits, and How to Break Them

Cybercrime is on the rise, and attacks are getting faster, more nuanced and increasingly sophisticated. The number of cyberattack-related data breaches rose 27 percent in 2021 — an upward trend that shows no signs of slowing down. Bad security habits, such as using the same password more than onc...

7.3AI score
Exploits0References4
Huntr
Huntr
added 2022/06/16 3:27 p.m.12 views

Disabling Account Multi Factor Authentication (MFA) Does Not Require Authenticator Token or Credentials

Description The application does not require a valid MFA authenticator token, user credentials, or other mechanism to disable MFA on an account. Proof of Concept 1. In an account with MFA enabled, go to User Settings 2. Click on Remove multifactor 3. Select the response when the window pops up 4...

1.8AI score
Exploits0References2
Rows per page
Query Builder