Tag
#auth
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina
In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x]; TLS certificates [x]; Accounts [x]; SSH keys ???. The secrets listed above are typically secured with privileged access management (PAM) solutions or similar. Yet, most traditional PAM
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch
How the Kimsuky nation-state group and other threat actors are exploiting poor email security — and what organizations can do to defend themselves.
Mastercard's $2.65 billion deal to acquire the threat intelligence provider will boost the credit-card company's AI-based cybersecurity protection capabilities.
Company urges organizations using self-hosted GitLab instances to apply updates for CVE-2024-45409 as soon as possible.
Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.
US ports rely on cranes manufactured by a Chinese state-owned company, many with unmonitored cellular connections, causing cybersecurity concerns.
The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.