Infosecurity News
Mend.io SAML Vulnerability Exposed
SAML flaw in enabled rogue customers to access others’ SaaS data
The Hacker News
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Researchers have disclosed a new attack technique, "Silver SAML," targeting applications that use cloud identity providers such as Microsoft Entra ID.
DarkReading
Echoes of SolarWinds in New 'Silver SAML' Attack Technique
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
CSO
If you are generating SAML signing certificates externally, STOP!!
SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept.
Bleeping Computer
GitHub warns of SAML auth bypass flaw in Enterprise Server
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication.
DarkReading
GitHub Authentication Bypass Opens Enterprise Server to Attackers
The max-severity bug affects versions using the SAML single sign-on mechanism.
The Cyber Express
Thousands at Risk in the U.S. from Critical GitHub Enterprise Server Flaw
Thousands of GitHub Enterprise Server (GHES) instances in the United States using SAML single sign-on (SSO) authentication are at high
DarkReading
Ivanti VPN Flaw Exploited to Inject Novel Backdoor; Hundreds Pwned
A SAML vulnerability in Ivanti appliances has led to persistent remote access and full control for opportunistic cyberattackers.
Security Affairs
Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon
A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The […]
Security Affairs
Experts released PoC exploit for critical Zoho ManageEngine RCE flaw
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of […]
Security Affairs
CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog
US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]
Security Affairs
Critical GitHub Enterprise Server Auth Bypass bug. Fix it now!
GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication.
The Hacker News
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
A critical vulnerability (CVE-2024-4985) has been discovered in GitHub Enterprise Server, allowing attackers to bypass authentication.
.webp)
Cyber Security News
Critical GitHub Enterprise Server Flaw Allowed Attackers to Bypass Authentication
A critical vulnerability was discovered in the GitHub Enterprise Server that could allow attackers to completely bypass authentication and gain unauthorized access to repositories and sensitive data.
Infosecurity News
Researchers Warn Against Zoho ManageEngine Exploit Attacks
Horizon3.ai researcher James Horseman said the team has successfully reproduced the exploit
Infosecurity News
GitHub Fixes Maximum Severity Flaw in Enterprise Server
A newly patched GitHub Enterprise Server bug has a CVSS score of 10
The Hacker News
Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!
Zoho ManageEngine users, patch your instances now to avoid falling victim to a critical security vulnerability. Researchers are about to release a PoC
SecurityWeek
Researchers: Brace for Zoho ManageEngine 'Spray and Pray' Attacks
Red teamers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.
SecurityWeek
Critical Authentication Bypass Resolved in GitHub Enterprise Server
Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges.
CSO
Attackers exploiting critical flaw in many Zoho ManageEngine products
The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.
SecurityWeek
In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware
Unpatched Google vulnerability exploited, 3D printers hacked by white hats, WhatsApp will get NSO Group spyware.
Bleeping Computer
Hackers exploit critical Citrix ADC and Gateway zero day, patch now
Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.
Cyber Security News
Hackers Exploit Citrix ADC and Citrix Gateway Zero-day Vulnerability to Gain Access to Corporate Networks
The Citrix Gateway and Citrix ADC both contain vulnerabilities that have been discovered recently. In short, there is a critical zero-day vulnerability identified as "CVE-2022-27518" by Citrix in both of its products that we have mentioned above, which should be fixed immediately by administrators.
Security Affairs
Cisco addressed severe flaws in its Secure Client
Cisco addressed two high-severity flaws in Secure Client that could lead to code execution and unauthorized remote access VPN sessions
Security Affairs
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware […]
Bleeping Computer
CISA warns of actively exploited vulnerabilities in Zabbix servers
A notification from the U.S. Cybersecurity Infrastructure and Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in Zabbix open-source tool for monitoring networks, servers, virtual machines, and cloud services.
Bleeping Computer
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server.
The Hacker News
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
Warning: APT5 hackers are exploiting a new critical zero-day RCE vulnerability (CVE-2022-27518) in Citrix ADC and Gateway.
ZDNet
Zabbix vulnerabilities added to CISA catalog | ZDNet
The vulnerabilities have a remediation date of March 8.
SecurityWeek
Ivanti Vulnerability Exploited to Deliver New 'DSLog' Backdoor
Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.
HACKRead
Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners
too Hackread.com has been following the exploitation of 0-day vulnerabilities in Ivanti VPN devices and the latest backdoor exploit raises alarm.
Cyber Security News
VMware Workspace Flaw Let Attacker Redirect User to Malicious Source
An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886.
Bleeping Computer
Exploit released for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
Bleeping Computer
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
SecurityWeek
Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies
Microsoft has shared technical details on APT29’s MagicWeb, a post-exploitation tool facilitating data collection and covert access.
CyberSecurity Dive
Ivanti Connect Secure hackers hide in plain sight, evading protections
Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool.
Cyber Security News
Hackers Exploiting Ivanti SSRF Flaw to Inject DSLog Malware
Ivanti Connect Secure was previously discovered with another SSRF vulnerability that could allow unauthenticated threat actors.
The Hacker News
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
Five Eyes intelligence alliance issued a cybersecurity advisory concerning cyber threat actors exploiting known vulnerabilities in Ivanti.
The Hacker News
CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers
CISA has issued a warning about significant security weaknesses found in products from Industrial Control Systems (ICS) manufacturers.
Infosecurity News
Latest Ivanti Zero Day Exploited By Scores of IPs
Shadowserver Foundation spots 170 distinct IP addresses trying to exploit Ivanti zero-day CVE-2024-21893
Bleeping Computer
GitLab security update fixes critical account take over flaw
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
SecurityWeek
Exploitation of Another Ivanti VPN Vulnerability Observed
Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.
Cyber Security News
7 Convincing Reasons to Replace Your VPN for ZTNA
Network security has always been about securing employees on site. IT admins never had to worry about the term “remote access” until the pandemic occurred. Since then, organizations have moved their resources into the cloud and have had to rethink the way they granted access.
Cyber Security News
Top 7 Convincing Reasons to Replace Your VPN for ZTNA
Network security has always been about securing employees on site. IT admins never had to worry about the term “remote access” until the pandemic occurred. Since then, organizations have moved their resources into the cloud and have had to rethink the way they granted access. 39% of workers use their personal devices to access corporate […]
The Hacker News
PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
Exploit code now available for critical SSH authentication bypass flaw in VMware Aria Operations for Networks.
HACKRead
Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws
Network equipment giant Cisco has addressed security flaws impacting its Secure Client enterprise VPN application and endpoint security solutions.
Bleeping Computer
Microsoft: Nobelium uses custom malware to backdoor Windows domains
Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers.
SecurityWeek
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day
Citrix ships an emergency patch to cover a pre-auth code execution flaw in network appliances and the NSA blames a Chinese hacking group for zero-day exploitation.
The Hacker News
How Attackers Can Own a Business Without Touching the Endpoint
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
SecurityWeek
CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool
CISA has expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution.
CSO
Proficio launches detection and response service to tackle identity-based threats
MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.
Bleeping Computer
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
CSO
Facebook tops security ratings among social networks
Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.
Bleeping Computer
Researchers to release PoC exploit for critical Zoho RCE bug, patch now
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products.
DarkReading
Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns
The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user.
DarkReading
Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.
SecurityWeek
After Delays, Ivanti Patches Zero-Days and Confirms New Exploit
Ivanti documented a new zero-day and belatedly ships patches; Mandiant is reporting "broad exploitation activity" against the vulnerabilities
The Hacker News
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab releases security patch for critical Account Takeover vulnerability CVE-2022-1680.
ThreatPost
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
SecurityWeek
ICS Patch Tuesday: Siemens, Schneider Electric Fix High-Severity Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric have patched dozens of vulnerabilities affecting their products.
Security Affairs
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]
The Hacker News
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
U.S. cybersecurity agency CISA is warning companies about two actively exploited vulnerabilities affecting the widely used open-source Zabbix platform
The Hacker News
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
Ivanti's latest security advisory unveils a high-severity flaw (CVE-2024-22024) affecting Connect Secure, Policy Secure, and ZTA.
Security Affairs
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways.
The Hacker News
GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts
DevOps platform GitLab has released software updates to fix a critical vulnerability that could allow attackers to hijack accounts.
SecurityWeek
New Identity Verification Feature Boosts Google Workspace Protections
Google this week announced a new Google Workspace capability meant to prevent unauthorized sensitive changes to user accounts.
Bleeping Computer
Critical GitLab vulnerability lets attackers take over accounts
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.
Latest Hacking News
Multiple Vulnerabilities Found In Zabbix IT Monitoring Platform
The Zabbix vulnerabilities also include a critical bug that could allow arbitrary code execution. Zabbix maintainers have patched the flaws.
The Hacker News
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Two high-severity vulnerabilities found in Ivanti's Connect Secure, Policy Secure, and Neurons for ZTA.
The Hacker News
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
Cisco patches critical flaw in Secure Client software. Update NOW to prevent attackers from hijacking your VPN sessions.
Security Affairs
GitLab addressed critical account take over via SCIM email change
GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting […]
SecurityWeek
Over 20,000 Citrix Appliances Vulnerable to New Exploit
Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519.
Bleeping Computer
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.
Bleeping Computer
Ivanti: Patch new Connect Secure auth bypass bug immediately
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
Infosecurity News
Microsoft Attributes New Post-Compromise Capability to Nobelium
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL
Security Affairs
Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices.
Latest Hacking News
Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention
Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems with the latest versions as two new zero-day vulnerabilities receive patches. The firm admitted detecting active exploitation of one of
Security Affairs
Ivanti warns of a new actively exploited zero-day
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild.
Latest Hacking News
Ivanti Patched Another Vulnerability While The Former Went Under Attack
While the patches have been released, Ivanti users must rush to update their systems with the latest versions to avoid trouble. That’s because Ivanti addressed another serious vulnerability in Connect Secure VPN while the previously
SecurityWeek
Ivanti Patches High-Severity Vulnerability in VPN Appliances
An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources.
SecurityWeek
New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials
New Relic said hackers gained access to the environment using social engineering and stolen credentials for an employee account.
HACKRead
Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches
The zero-day vulnerability, CVE-2024-21893 (CVSS score 8.2), disclosed by Ivanti on 31 January 2024, is now being actively exploited in the wild.
The Hacker News
Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
A recently disclosed SSRF vulnerability (CVE-2024-21893) in Ivanti Connect Secure and Policy Secure products is now under mass exploitation.
CyberSecurity Dive
Slack enhances platform security amid rapid expansion and heightened risk
The enterprise messaging platform has faced increased customer concerns about security and privacy.
Bleeping Computer
Google now blocks Workspace account hijacking attempts automatically
Google Workspace (formerly G Suite) now comes with stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.
Security Affairs
CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog
US CISA added two flaws impacting Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due […]
Security Affairs
Experts warn of a surge of attacks targeting Ivanti SSRF flaw
The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors.
Bleeping Computer
CISA warns of critical ManageEngine RCE bug exploited in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) affecting most Zoho ManageEngine products to its catalog of bugs known to be exploited in the wild.
Bleeping Computer
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.
SecurityWeek
Cisco Patches 27 Vulnerabilities in Network Security Products
Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD security products.
Bleeping Computer
Microsoft releases SimuLand, a test lab for simulated cyberattacks
Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.
Cyber Security News
10 Best Single Sign-On Solutions - 2023
BEST Single Sign-on Solutions (SSO): 1. IBM Security Access Manager 2. RSA SecurID 3. Cisco Secure Access by Duo 4. OneLogin Single Sign-On.
Security Affairs
Hackers are actively exploiting CVE-2022-47966 flaw in Zoho ManageEngine
Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild, Bitdefender Labs reported. “Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966.” reads the […]
Bleeping Computer
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
The Hacker News
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
Threat actors exploit Ivanti security flaw to deploy a stealthy backdoor! Learn how CVE-2024-21893 puts your devices at risk.
SecurityWeek
2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
The first round of ICS Patch Tuesday security advisories from Siemens and Schneider Electric address a total of 27 vulnerabilities.
SecurityWeek
Cisco Warns of IOS Software Zero-Day Exploitation Attempts
Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks.
Bleeping Computer
Newest Ivanti SSRF zero-day now under mass exploitation
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
The Hacker News
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
Microsoft reveals Iranian nation-state actors' password spray attacks targeting the satellite, defense, and pharmaceutical sectors globally.
The Hacker News
Ivanti Rushes Patches for 4 New Flaw in Connect Secure and Policy Secure
Ivanti has released updates addressing 4 critical flaws in Connect Secure and Policy Secure Gateways. Vulnerabilities could lead to code execution.
Loading more articles....