Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

The Hacker News
Open in Source
#xss#vulnerability#web#google#microsoft#git#java#auth#The Hacker News
A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.

GHSA-jq3f-mfmg-747x: Eclipse Glassfish improperly handles http parameters

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is `/management/domain`. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

A week in security (September 23 – September 29)

A list of topics we covered in the week of September 23 to September 29 of 2024

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Backdoor.Win32.Benju.a malware suffers from a remote command execution vulnerability. This is the 700th release of a malvuln finding.

Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write

Backdoor.Win32.Amatu.a malware suffers from a remote arbitrary file write vulnerability.