Okta’s Recent Customer Support Data Breach Impacted 134 Customers

November 4, 2023 at 05:24AM Identity and authentication management provider Okta reported a recent data breach that affected 134 of its 18,400 customers. The breach occurred from September 28 to October 17, 2023, and resulted in unauthorized access to session tokens. The company revealed that 5 customers had their legitimate Okta sessions hijacked. Okta …

New Microsoft Exchange zero-days allow RCE, data theft attacks

November 3, 2023 at 11:22AM Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Although Microsoft has acknowledged the flaws, it has postponed fixing them, leading ZDI to publish details to warn Exchange administrators. The vulnerabilities allow remote code execution and unauthorized information disclosure, and put sensitive data at risk of exposure. …

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

October 31, 2023 at 02:22PM Software maker Atlassian has issued a warning to all Confluence Data Center and Server customers about a critical vulnerability that could be exploited without authentication. The vulnerability, known as CVE-2023-22518, is an improper authorization bug that affects all Confluence versions. Although no data exfiltration can occur from exploiting the flaw, …

Critical Citrix Bug Exploited as a Zero-Day, ‘Patching Is Not Enough’

October 18, 2023 at 02:52PM There is an active attack targeting a critical security vulnerability in Citrix NetScaler that was patched last week. The vulnerability allows cyber attackers to hijack authenticated sessions, potentially bypassing multifactor authentication. While the patch helps mitigate the issue, organizations are advised to terminate all active sessions to fully remediate the …

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

October 17, 2023 at 10:51AM Two critical security flaws have been discovered in the CasaOS personal cloud software. These vulnerabilities allow attackers to bypass authentication and gain full access to the CasaOS dashboard. Additionally, attackers can exploit third-party applications to execute arbitrary commands on the system and gain persistent access. The flaws have been addressed …

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

October 14, 2023 at 02:48AM Microsoft plans to eliminate NT LAN Manager (NTLM) in Windows 11, focusing instead on strengthening the Kerberos authentication protocol. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM has vulnerabilities that make it susceptible to …

Microsoft plans to kill off NTLM authentication in Windows 11

October 13, 2023 at 12:50PM Microsoft has announced that the NTLM authentication protocol will be phased out in Windows 11. Kerberos has been the default authentication protocol, in place of NTLM, since Windows 2000. Despite being used in older versions, NTLM is still vulnerable to attacks such as relay attacks and pass-the-hash attacks. Microsoft is working on …

Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

October 13, 2023 at 09:19AM Juniper Networks has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. The most critical flaw is an incorrect default permissions bug that allows unauthorized access and the creation of a backdoor with root privileges. Other vulnerabilities include denial of service (DoS) risks and impacts on …

Pan-African Financial Apps Leak Encryption, Authentication Keys

October 12, 2023 at 06:26AM Researchers at Approov have discovered that encryption, authentication, and signing keys are frequently exposed in mobile fintech apps used in Africa. The study found that when the top 10 revenue and download-generating apps were reverse-engineered, passwords, API keys, and private keys for cryptography were exposed. The researchers also identified that …