Authentication Archives

Bad actors can abuse GitHub Codespaces feature to deliver malware

Authentication, Source Code Security / By Frank Crast / January 17, 2023 January 17, 2023 / Codespaces, GitHub

Researchers from Trend Micro have discovered a way for bad actors to abuse a GitHub Codespaces feature to deliver malware.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

Authentication, Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Identity & Access Management / By Frank Crast / November 22, 2022 November 22, 2022 / AitM, Azure, credentials, Microsoft, pass-the-cookie, phishing

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / By Frank Crast / October 7, 2022 October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / By Frank Crast / September 25, 2022 September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Uber provides updates on cybersecurity incident

Authentication, Data Breach, Data Privacy / By Frank Crast / September 20, 2022 September 20, 2022 / Data Breach, hacking, Lapsus$, Privacy, Uber

Uber provided new details regarding a cybersecurity incident that resulted in a data breach of its network systems.

Cybercriminal group TeamTNT leaks DockerHub credentials

Authentication, Cybersecurity Attacks, Malware / By Frank Crast / September 12, 2022 September 12, 2022 / Container, Docker, DockerHub, TeamTNT

Researchers from Trend Micro have discovered cybercriminal group TeamTNT leaking credentials from two of their attacker-controlled accounts via exposed Docker REST APIs.

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)

Authentication, Data Breach, Data Privacy, Identity & Access Management / By Frank Crast / March 22, 2022 March 23, 2022 / authentication, Breach, Data Breach, Okta

Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.

Varonis discovers MFA bypass for Box accounts

Access Control, Authentication, Vulnerabilities & Exploits / By Frank Crast / January 27, 2022 January 28, 2022

Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Authentication, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 4, 2021 September 4, 2021 / Cisco, CVE-2021-34746, Networking, NFV, NFVIS, TACACS

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

7-year old polkit vulnerability could allow hackers root shell on Linux systems

Authentication, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / June 14, 2021 June 16, 2021 / CVE-2021-3560, dbus-daemon, Linux, polkit, Privilege escalation, UID

A security researcher has discovered a seven-year old polkit privileged escalation vulnerability CVE-2021-3560 that could allow a remote attacker root shell access on Linux systems.