Authentication - Securezoo

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)

Authentication, Data Breach, Data Privacy, Identity & Access Management / By Frank Crast / March 22, 2022 March 23, 2022

Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.

Varonis discovers MFA bypass for Box accounts

Access Control, Authentication, Vulnerabilities & Exploits / By Frank Crast / January 27, 2022 January 28, 2022

Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Authentication, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 4, 2021 September 4, 2021

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

7-year old polkit vulnerability could allow hackers root shell on Linux systems

Authentication, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / June 14, 2021 June 16, 2021

A security researcher has discovered a seven-year old polkit privileged escalation vulnerability CVE-2021-3560 that could allow a remote attacker root shell access on Linux systems.

Kobalos Linux malware targets high performance cluster computers

Authentication, Cybersecurity Attacks, Malware / By Frank Crast / February 3, 2021 February 3, 2021

A complex Linux malware dubbed Kobalos is targeting high performance cluster (HPC) computers around the globe.

Sudo privilege escalation vulnerability (CVE-2021-3156)

Authentication, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 29, 2021 April 7, 2022

A vulnerability in open-source sudo utility could allow regular users to gain root privileges on vulnerable Linux hosts without authentication.

High risk vulnerability in Zyxel firewalls and AP controllers exploited in the wild

Authentication, Network Security, Vulnerabilities & Exploits / By Frank Crast / January 11, 2021 January 11, 2021

Security experts have warned about a high risk hardcoded credential vulnerability in Zyxel firewalls and AP controllers. Some sources have confirmed that bad actors have already ramped up exploits against the vulnerability.

NSA: New guidance to eliminate obsolete TLS protocols

Authentication, Configuration Management, Cryptography, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / January 9, 2021 January 11, 2021

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Authentication, Cryptography, Standards & Guidelines / By Frank Crast / August 29, 2019 September 18, 2021

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.