Lucene search
K

291 matches found

Malwarebytes
Malwarebytes
added 2023/08/18 7:15 p.m.21 views

Attackers demand ransoms for stolen LinkedIn accounts

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out...

7.1AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/08/05 1:45 p.m.37 views

2023 OWASP Top-10 Series: API2:2023 Broken Authentication

Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API2:2023 Broken Authentication. In this series we are taking an in-depth look at each category – the details, the impact and wha...

7.1AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/06/22 1:0 p.m.16 views

Introducing Integrated API Abuse Prevention to Combat Bad Bots

In recent years theres been a rise in "API Abuse" attacks, which includes detrimental automated behaviors such as malicious bots, account takeover ATO, credential stuffing, application layer L7 DDoS, data scraping, and more. For instance, in April-2021 malicious actors scraped the personal data o...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.10 views

Malicious actor can win auction unfavorably to the protocol by block stuffing

Lines of code Vulnerability details Vulnerability Details When protocol’s bad debt is auctioned off with 10% incentive at the beginning. A user who gives the best bid, wins. The auction ends when at least one account placed a bid, and current block number is bigger than nextBidderBlockLimit:...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/04 10:30 a.m.18 views

The one and only password tip you need

OK, its time for me to keep a promise. Back in October 2022, I wrote an article called Why almost everything we told you about passwords was wrong. The article summarizes how a lot of what youve been told about passwords over the years was either wrong change your passwords as often as your...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/03/28 3:6 p.m.27 views

Two-Week ATO Attack Mitigated by Imperva

Beginning on February 7, an Imperva-protected account was targeted by an ongoing account takeover ATO attack that lasted for two weeks. On average, attacks last a few hours or a couple days at most, so the length of this attack was an anomaly and underscores the persistence of the attackers. As a...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2023/03/02 12:29 p.m.50 views

CVE-2022-27672

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Mitigation The current mitigations for spectre V4 or spectrev2 should mitiga...

4.7CVSS6.4AI score0.00289EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/02/16 12:0 a.m.91 views

CVE-2023-23752

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...

5.3CVSS5.7AI score0.99827EPSS
In wildExploits43References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.3 views

SUSE CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

7.8CVSS6.4AI score0.00423EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.27 views

Siemens Desigo PXC and DXR Devices Improper Restriction of Excessive Authentication Attempts (CVE-2022-24044)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS7.2AI score0.00844EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2023/01/19 3:10 p.m.19 views

Trading Convenience for Credentials

Tap. Eat. Repeat. Regret? Using food or grocery delivery apps is great. It really is. Sure, there’s a fee, but when you can’t bring yourself to leave the house, it’s a nice treat to get what you want delivered. As a result, adoption of food apps has been incredibly fast and they are now a...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/23 4:7 a.m.35 views

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/27 1:38 p.m.22 views

Imperva Stops Hordes of Bots from Hijacking Financial Accounts in Largest Recorded Account Takeover Attack

Consider for a moment that an army of bots is setting their sights on your website. They target your login page and hammer it with millions of requests in an ongoing attack that lasts days, raising your infrastructure and fraud prevention costs. Would this frighten you? What if this barrage of bo...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/25 12:50 p.m.25 views

How Imperva Mitigates Security Threats in Oracle Cloud Infrastructures

Most organizations today rely on an unprecedented number of computing resources to build, deploy and scale the workflows and applications they need to succeed. They are responsible for more data than ever before, on-premises and in the cloud, which presents them with challenges they’ve never face...

0.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/10/20 1:0 p.m.12 views

New Research: We’re Still Terrible at Passwords; Making it Easy for Attackers

Passwords, amirite? We all have them. Probably a lot of them. And they are among the most important lines of defense against nefarious attackers seeking access to our online accounts. Sadly, as we all know too well, password health isn’t exactly our collective strong suit and too often we hear...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/10 3:0 p.m.15 views

Credential stuffers take aim at Final Fantasy XIV players

Square Enix, the company behind video games like Final Fantasy XIV, reports that a third party is attempting to gain access to its Account Management System. How is this happening, and what are the risks? More importantly, what do you need to do to ensure your accounts are safe from harm?...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/02 7:0 p.m.26 views

Why (almost) everything we told you about passwords was wrong

I have an embarrassing confession to make: I reuse passwords. I am not proud of it, but honestly its a relief to finally get it off my chest. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/27 11:0 a.m.21 views

Exchange servers abused for spam through malicious OAuth applications

Microsoft has published a security blog about an investigation into an attack in which threat actors used malicious OAuth applications to abuse Exchange servers for their spam campaign. The threat actor behind this attack has been active for many years, and has been running spam campaigns using...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/23 5:14 a.m.56 views

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...

0.4AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/09/22 4:0 p.m.35 views

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...

0.1AI score
Exploits0
Rows per page
Query Builder