Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised

The Hacker News
#git#aws#oauth#auth#The Hacker News
Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover

By Deeba Ahmed An attacker with access to a Kubernetes cluster could chain two vulnerabilities in Google Kubernetes Engine (GKE) to escalate privileges and take over the cluster. This is a post from HackRead.com Read the original post: Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover

GHSA-487p-qx68-5vjw: Hail relies on OIDC email claims to verify the validity of a user's domain.

### Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]". This Microsoft or Google account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is "example.org". In Google, this attack is partially mitigated because Google requires users to verify ownership of their Google account. However, a valid user is able to create multiple distinct Hail Batch accounts by creating multiple distinct Google accounts using email addresses of the form "[email protected]". In Microsoft, this attack requires Azure AD Administrator access to an Azure AD Tenant. The Azure AD Administrator is permitted to change the email address of an account to any other email address without verification. An ...

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

By Deeba Ahmed Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

GHSA-9wgg-m99q-hhfc: Expired tokens can be renewed without validating the account password

### Impact In versions of the proxy from `2022-09-05` onwards (since 8c874c2ff3d503ac20c7d32f46e08547fcb9e23f), expired authorisation tokens could be renewed automatically without checking their validity against the original account configuration (i.e., the password that was set up when first configuring the account). An attacker with knowledge of valid account addresses and careful timing (i.e., attempting to log in during a period from 10 minutes prior to the token expiry time, but before a genuine login request is received) could use this issue to gain access to an account. This issue is not a concern if you only use the proxy on a local device. It is also not an issue if you are using the O365 resource owner password credentials grant (ROPCG) flow. If you use the proxy in a publicly-accessible setting (i.e., it is available from the internet or another network), you should upgrade to version [`2023-12-19`](https://github.com/simonrob/email-oauth2-proxy/releases/tag/2023-12-19) i...

GHSA-w8vh-p74j-x9xp: yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation

### Impact _What kind of vulnerability is it? Who is impacted?_ Original Report: > The Oauth1/2 "state" and OpenID Connect "nonce" is vulnerable for a "timing attack" since it's compared via regular string > comparison (instead of `Yii::$app->getSecurity()->compareString()`). Affected Code: 1. OAuth 1 "state" https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158 3. OAuth 2 "state" https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121 4. OpenID Connect "nonce" https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420 ### Patches _Has the problem been patched? What versions should users upgrade to?_ TBD: Replace strcmp with `Yii::$app->getSecurity()->compareString()`). ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ not as far as I see....

GHSA-rw54-6826-c8j5: yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable

### Impact _What kind of vulnerability is it? Who is impacted?_ Original Report: > The Oauth2 PKCE implementation is vulnerable in 2 ways: > 1. The `authCodeVerifier` should be removed after usage (similar to 'authState') > 2. There is a risk for a "downgrade attack" if PKCE is being relied on for CSRF protection. ### Patches _Has the problem been patched? What versions should users upgrade to?_ 2.2.15 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ not known yet. ### References _Are there any links users can visit to find out more?_

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

By Deeba Ahmed The internet's underbelly is thriving on stolen identities and fake accounts, fueling mass phishing campaigns, identity theft rings, and DDoS attacks. This is a post from HackRead.com Read the original post: Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...