Search cyberveille.decio.ch

Found 7 bookmarks

Custom sorting

Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface

On 18 November 2024, Palo Alto Networks issued a security advisory for an authentication bypass vulnerability in the PAN-OS management web interface. The vulnerability is tracked under CVE-2024-0012 [1] and has a CVSS score for this is 9.3 [2]. The vulnerability allows an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. As the Northwave CERT has already observed mass exploitation by multiple threat actors, we urge all recipients to implement mitigation measures and patch their systems.

#northwave-cybersecurity #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0012

·northwave-cybersecurity.com·Dec 28, 2024

Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface

Okta security bug affects those with really long usernames

Mondays are for checking months of logs, apparently, if MFA's not enabled

#theregister #EN #2024 #Okta #bug #AD/LDAP #Delegated #Authentication #DelAuth

·theregister.com·Nov 13, 2024

Okta security bug affects those with really long usernames

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.

#krebsonsecurity #EN #2024 #Google #authentication #weakness #Bypassed #Workspace

·krebsonsecurity.com·Jul 29, 2024

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Bypassing Veeam Authentication CVE-2024-29849

Veeam Backup Enterprise Manager Authentication Bypass

#summoning.team #EN #2024 #Veeam #Backup #Enterprise #Manager #Authentication #Bypass #PoC #CVE-2024-29849

·summoning.team·Jun 11, 2024

Bypassing Veeam Authentication CVE-2024-29849

Microsoft will require MFA for all Azure users

Multi-factor authentication makes you, your company and your cloud investments safer

#microsoft #EN #2024 #announce #announcement #MFA #Azure #Multi-factor #authentication

·techcommunity.microsoft.com·May 18, 2024

Microsoft will require MFA for all Azure users

Cisco: Hacker breached multifactor authentication message provider on April 1

Cisco said one of the providers it uses to send multifactor authentication (MFA) messages was breached by a threat actor on April 1. In emails to customers, Cisco said the incident specifically affected Duo — a multifactor authentication company it acquired in 2018. The attacker breached the system of a telephony supplier that Duo uses to send MFA messages through texts and phone calls to its customers.

#therecord #EN #2024 #Cisco #breached #multifactor #authentication #duo

·therecord.media·Apr 20, 2024

Cisco: Hacker breached multifactor authentication message provider on April 1

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

#rapid7 #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0204 #Fortra #GoAnywhere

·rapid7.com·Jan 23, 2024

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog