Security News

New Blast-RADIUS attack bypasses widely-used RADIUS authentication
2024-07-09 19:44

Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [...]

Selfie-based authentication raises eyebrows among infosec experts
2024-07-08 05:30

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Local media has weighed in to suggest that selfies will not improve security.

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
2024-06-17 14:39

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the...

ASUS warns of critical remote authentication bypass on 7 routers
2024-06-15 15:17

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allows remote attackers to log in to devices. The flaw, tracked as CVE-2024-3080, is an authentication bypass vulnerability allowing unauthenticated, remote attackers to take control of the device.

Microsoft deprecates Windows NTLM authentication protocol
2024-06-04 15:38

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. New Technology LAN Manager, better known as NTLM, is an authentication protocol first released in 1993 as part of Windows NT 3.1 and as the successor to the LAN Manager protocol.

Fail2Ban: Ban hosts that cause multiple authentication errors
2024-05-24 05:00

Fail2Ban is an open-source tool that monitors log files, such as /var/log/auth.log, and blocks IP addresses that exhibit repeated failed login attempts.

Authelia: Open-source authentication and authorization server
2024-05-22 04:30

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. Authelia connects directly to the reverse proxy but never to the application backends.

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
2024-05-22 03:45

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication...

Bitbucket artifact files can leak plaintext authentication secrets
2024-05-21 19:05

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. As developers may not be aware that these secrets are exposed in artifact files, the source code may be published to public repositories where threat actors can steal them.

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
2024-05-21 16:16

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked...