Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting

The Hacker News
Open in Source
#microsoft#auth#The Hacker News
Researchers Warn of NTLMv1 Bypass in Active Directory Policy

Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing…

Russian APT Phishes Kazakh Gov't for Strategic Intel

A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.

GHSA-8vq4-8hfp-29xh: Eugeny Tabby Sends Password Despite Host Key Verification Failure

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.

Passwords: a thin line between love and hate

Unless you have been gifted with a photographic memory, this is likely going to sound very familiar. Picture it: You’re away from your desk and you need to access one of your apps from your phone. You attempt to sign in and get the dreaded message: “the username and password entered do not match our records.” Thus begins the time-consuming process of requesting a password reset, including coming up with a new password that doesn’t match something you’ve already used in the past. Despite the frustration you feel, passwords have been the cornerstone of keeping our online data secure fo

Biden's Cybersecurity EO Leaves Trump a Comprehensive Blueprint for Defense

New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks — but will the Trump administration follow through?

GHSA-4ff6-858j-r822: Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

### Impact Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. ### Patches c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue. ### Workarounds Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access. ### References N/A

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.