Authentication Archives

Bad actors can abuse GitHub Codespaces feature to deliver malware

Authentication, Source Code Security / Frank Crast / January 17, 2023 / Codespaces, GitHub

Researchers from Trend Micro have discovered a way for bad actors to abuse a GitHub Codespaces feature to deliver malware.

Bad actors can abuse GitHub Codespaces feature to deliver malware Read More »

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

Authentication, Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Identity & Access Management / Frank Crast / November 22, 2022 / AitM, Azure, credentials, Microsoft, pass-the-cookie, phishing

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA Read More »

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks Read More »

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / Frank Crast / September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam Read More »

Uber provides updates on cybersecurity incident

Authentication, Data Breach, Data Privacy / Frank Crast / September 20, 2022 / Data Breach, hacking, Lapsus$, Privacy, Uber

Uber provided new details regarding a cybersecurity incident that resulted in a data breach of its network systems.

Uber provides updates on cybersecurity incident Read More »

Cybercriminal group TeamTNT leaks DockerHub credentials

Authentication, Cybersecurity Attacks, Malware / Frank Crast / September 12, 2022 / Container, Docker, DockerHub, TeamTNT

Researchers from Trend Micro have discovered cybercriminal group TeamTNT leaking credentials from two of their attacker-controlled accounts via exposed Docker REST APIs.

Cybercriminal group TeamTNT leaks DockerHub credentials Read More »

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)

Authentication, Data Breach, Data Privacy, Identity & Access Management / Frank Crast / March 22, 2022 / authentication, Breach, Data Breach, Okta

Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated) Read More »

Varonis discovers MFA bypass for Box accounts

Access Control, Authentication, Vulnerabilities & Exploits / Frank Crast / January 27, 2022

Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.

Varonis discovers MFA bypass for Box accounts Read More »

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Authentication, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 4, 2021 / Cisco, CVE-2021-34746, Networking, NFV, NFVIS, TACACS

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature Read More »

7-year old polkit vulnerability could allow hackers root shell on Linux systems

Authentication, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / June 14, 2021 / CVE-2021-3560, dbus-daemon, Linux, polkit, Privilege escalation, UID

A security researcher has discovered a seven-year old polkit privileged escalation vulnerability CVE-2021-3560 that could allow a remote attacker root shell access on Linux systems.

7-year old polkit vulnerability could allow hackers root shell on Linux systems Read More »