Authentication Archives - Cyber Security Minute

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Issued by: Security Affairs

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue is due to an improper implementation in the password-change process. Threat actors can trigger the vulnerability by sending specially crafted HTTP…

Vulnerabilities

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

Issued by: Dark Reading

Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…

Application Security

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

Issued by: Security Affairs

Okta warns of credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April. A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous data breaches, phishing campaigns, or info-stealer infections, to gain unauthorized access to user accounts on various…

Vulnerabilities

Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities

Issued by: Dark Reading

Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products — CVE-2023-46805 and CVE-2024-21887— that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions (Version 9.x and 22.x). Volexity assisted in identifying and…

Vulnerabilities

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Issued by: The Hacker News

A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released…

Malware & Threats

Ransomware Readiness Assessments: One Size Doesn’t Fit All

Issued by: Dark Reading

Ransomware attacks can be devastating for organizations, causing significant damage to operations and reputations. Therefore, it’s crucial to prepare for such an eventuality with a comprehensive ransomware response plan. However, it’s also essential to understand that ransomware readiness assessments aren’t a one-size-fits-all solution. Let’s explore why a tailored approach to ransomware readiness assessments is necessary…

Vulnerabilities

Adobe warns customers of a critical ColdFusion RCE exploited in attacks

Issued by: Security Affairs

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….

Software Security

Zero Trust Authentication: Foundation of Zero Trust Security

Issued by: DataBreach Today

Identity and security are more important than ever in today’s “work from anywhere” world. As companies adapt to remote workforces and the use of personal devices, the need for secure authentication has become paramount. The solution uses a zero trust authentication paradigm that ensures confidence in user and device identity on a real-time, continuous basis….

Application Security, Cloud Security, Software Security

Adaptive Access Technologies Gaining Traction for Security, Agility

Issued by: Dark Reading

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Software Security

Is Decentralized Identity About to Reach an Inflection Point?

Issued by: Dark Reading

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million. Through decentralization and blockchain technology, there are an increasing number of…