Infosecurity News
Mend.io SAML Vulnerability Exposed
SAML flaw enabled rogue customers to access others’ SaaS data
The Hacker News
Researchers have disclosed a new attack technique, "Silver SAML," targeting applications that use cloud identity providers such as Microsoft Entra ID.
DarkReading
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
CSO
SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept.
Bleeping Computer
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication.
DarkReading
The max-severity bug affects versions using the SAML single sign-on mechanism.
The Cyber Express
Thousands of GitHub Enterprise Server (GHES) instances in the United States using SAML single sign-on (SSO) authentication are at high
DarkReading
A SAML vulnerability in Ivanti appliances has led to persistent remote access and full control for opportunistic cyberattackers.
Security Affairs
A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The […]
Security Affairs
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of […]
Security Affairs
US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]
Security Affairs
GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication.
The Hacker News
A critical vulnerability (CVE-2024-4985) has been discovered in GitHub Enterprise Server, allowing attackers to bypass authentication.
Cyber Security News
A critical vulnerability was discovered in the GitHub Enterprise Server that could allow attackers to completely bypass authentication and gain unauthorized access to repositories and sensitive data.
Infosecurity News
Horizon3.ai researcher James Horseman said the team has successfully reproduced the exploit
Infosecurity News
A newly patched GitHub Enterprise Server bug has a CVSS score of 10
The Hacker News
Zoho ManageEngine users, patch your instances now to avoid falling victim to a critical security vulnerability. Researchers are about to release a PoC
SecurityWeek
Red teamers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.
SecurityWeek
Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges.
CSO
The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.
SecurityWeek
Unpatched Google vulnerability exploited, 3D printers hacked by white hats, WhatsApp will get NSO Group spyware.
Bleeping Computer
Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.
Cyber Security News
The Citrix Gateway and Citrix ADC both contain vulnerabilities that have been discovered recently. In short, there is a critical zero-day vulnerability identified as "CVE-2022-27518" by Citrix in both of its products that we have mentioned above, which should be fixed immediately by administrators.
Security Affairs
Cisco addressed two high-severity flaws in Secure Client that could lead to code execution and unauthorized remote access VPN sessions
Security Affairs
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware […]
Bleeping Computer
A notification from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in the Zabbix open-source tool for monitoring networks, servers, virtual machines, and cloud services.
Bleeping Computer
Cisco is warning of five new Catalyst SD-WAN Manager product vulnerabilities, with the most critical allowing unauthenticated remote access to the server.
The Hacker News
Warning: APT5 hackers are exploiting a new critical zero-day RCE vulnerability (CVE-2022-27518) in Citrix ADC and Gateway.
ZDNet
The vulnerabilities have a remediation date of March 8.
SecurityWeek
Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.
HACKRead
Hackread.com has been following the exploitation of 0-day vulnerabilities in Ivanti VPN devices and the latest backdoor exploit raises alarm.
Cyber Security News
An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886.
Bleeping Computer
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
Bleeping Computer
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
SecurityWeek
Microsoft has shared technical details on APT29’s MagicWeb, a post-exploitation tool facilitating data collection and covert access.
CyberSecurity Dive
Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool.
Cyber Security News
Ivanti Connect Secure was previously discovered with another SSRF vulnerability that could allow unauthenticated threat actors.
The Hacker News
Five Eyes intelligence alliance issued a cybersecurity advisory concerning cyber threat actors exploiting known vulnerabilities in Ivanti.
The Hacker News
CISA has issued a warning about significant security weaknesses found in products from Industrial Control Systems (ICS) manufacturers.
Infosecurity News
Shadowserver Foundation spots 170 distinct IP addresses trying to exploit Ivanti zero-day CVE-2024-21893
Bleeping Computer
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
SecurityWeek
Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.
Cyber Security News
Network security has always been about securing employees on site. IT admins never had to worry about the term “remote access” until the pandemic occurred. Since then, organizations have moved their resources into the cloud and have had to rethink the way they granted access. 39% of workers use their personal devices to access corporate […]
The Hacker News
Exploit code now available for critical SSH authentication bypass flaw in VMware Aria Operations for Networks.
HACKRead
Network equipment giant Cisco has addressed security flaws impacting its Secure Client enterprise VPN application and endpoint security solutions.
Bleeping Computer
Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers.
SecurityWeek
Citrix ships an emergency patch to cover a pre-auth code execution flaw in network appliances and the NSA blames a Chinese hacking group for zero-day exploitation.
The Hacker News
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
SecurityWeek
CISA has expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution.
CSO
MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.
Bleeping Computer
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
CSO
Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.
Bleeping Computer
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products.
DarkReading
The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user.
DarkReading
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.
SecurityWeek
Ivanti documented a new zero-day and belatedly ships patches; Mandiant is reporting "broad exploitation activity" against the vulnerabilities
The Hacker News
GitLab releases security patch for critical Account Takeover vulnerability CVE-2022-1680.
ThreatPost
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
SecurityWeek
ICS Patch Tuesday: Siemens and Schneider Electric have patched dozens of vulnerabilities affecting their products.
Security Affairs
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]
The Hacker News
U.S. cybersecurity agency CISA is warning companies about two actively exploited vulnerabilities affecting the widely used open-source Zabbix platform
The Hacker News
Ivanti's latest security advisory unveils a high-severity flaw (CVE-2024-22024) affecting Connect Secure, Policy Secure, and ZTA.
Security Affairs
The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways.
The Hacker News
DevOps platform GitLab has released software updates to fix a critical vulnerability that could allow attackers to hijack accounts.
SecurityWeek
Google this week announced a new Google Workspace capability meant to prevent unauthorized sensitive changes to user accounts.
Bleeping Computer
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.
Latest Hacking News
The Zabbix vulnerabilities also include a critical bug that could allow arbitrary code execution. Zabbix maintainers have patched the flaws.
The Hacker News
Two high-severity vulnerabilities found in Ivanti's Connect Secure, Policy Secure, and Neurons for ZTA.
The Hacker News
Cisco patches critical flaw in Secure Client software. Update NOW to prevent attackers from hijacking your VPN sessions.
Security Affairs
GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting […]
SecurityWeek
Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519.
Bleeping Computer
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.
Bleeping Computer
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
Infosecurity News
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL
Security Affairs
Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices.
Latest Hacking News
Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems with the latest versions as two new zero-day vulnerabilities receive patches. The firm admitted detecting active exploitation of one of
Security Affairs
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild.
Latest Hacking News
While the patches have been released, Ivanti users must rush to update their systems with the latest versions to avoid trouble. That’s because Ivanti addressed another serious vulnerability in Connect Secure VPN while the previously
SecurityWeek
An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources.
SecurityWeek
New Relic said hackers gained access to the environment using social engineering and stolen credentials for an employee account.
HACKRead
The zero-day vulnerability, CVE-2024-21893 (CVSS score 8.2), disclosed by Ivanti on 31 January 2024, is now being actively exploited in the wild.
The Hacker News
A recently disclosed SSRF vulnerability (CVE-2024-21893) in Ivanti Connect Secure and Policy Secure products is now under mass exploitation.
CyberSecurity Dive
The enterprise messaging platform has faced increased customer concerns about security and privacy.
Bleeping Computer
Google Workspace (formerly G Suite) now comes with stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.
Security Affairs
US CISA added two flaws impacting Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due […]
Security Affairs
The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors.
Bleeping Computer
The Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability affecting most Zoho ManageEngine products to its catalog of bugs known to be exploited in the wild.
Bleeping Computer
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.
SecurityWeek
Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD security products.
Bleeping Computer
Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.
Cyber Security News
BEST Single Sign-on Solutions (SSO): 1. IBM Security Access Manager 2. RSA SecurID 3. Cisco Secure Access by Duo 4. OneLogin Single Sign-On.
Security Affairs
Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild, Bitdefender Labs reported. “Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966.” reads the […]
Bleeping Computer
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
The Hacker News
Threat actors exploit Ivanti security flaw to deploy a stealthy backdoor! Learn how CVE-2024-21893 puts your devices at risk.
SecurityWeek
The first round of ICS Patch Tuesday security advisories from Siemens and Schneider Electric address a total of 27 vulnerabilities.
SecurityWeek
Cisco has released patches for a vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks.
Bleeping Computer
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
The Hacker News
Microsoft reveals Iranian nation-state actors' password spray attacks targeting the satellite, defense, and pharmaceutical sectors globally.
The Hacker News
Ivanti has released updates addressing 4 critical flaws in Connect Secure and Policy Secure Gateways. Vulnerabilities could lead to code execution.