• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

200 Swedish municipalities impacted by a major cyberattack on IT provider

 | 

TransUnion discloses a data breach impacting over 4.4 million customers

 | 

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

 | 

UNC6395 targets Salesloft in Drift OAuth token theft campaign

 | 

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Healthcare Services Group discloses 2024 data breach that impacted 624,496 people

 | 

ESET warns of PromptLock, the first AI-driven ransomware

 | 

China linked UNC6384 targeted diplomats by hijacking web traffic

 | 

Farmers Insurance discloses a data breach impacting 1.1M customers

 | 

Citrix fixed three NetScaler flaws, one of them actively exploited in the wild

 | 

Auchan discloses data breach: data of hundreds of thousands of customers exposed

 | 

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

 | 

Docker fixes critical Desktop flaw allowing container escapes

 | 

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

 | 

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

 | 

Android.Backdoor.916.origin malware targets Russian business executives

 | 

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

 | 

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 59

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

authentication bypass

Pierluigi Paganini April 15, 2022
Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass […]

Pierluigi Paganini January 19, 2022
Box flaw allowed to bypass MFA and takeover accounts

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses. […]

Pierluigi Paganini October 07, 2021
PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045.  A remote attacker can exploit both vulnerabilities […]

Pierluigi Paganini September 28, 2021
Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now!

Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked as CVE-2021-36745, that affects the Trend Micro ServerProtect product. Trend Micro Server Protect offers comprehensive real-time protection for enterprise infrastructure, preventing them from being targeted by viruses, […]

Pierluigi Paganini June 12, 2021
CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most Linux distros can allow an unprivileged attacker to get a root shell. “A flaw was found […]

Pierluigi Paganini September 02, 2020
MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database […]

Pierluigi Paganini July 31, 2020
Cisco fixes critical and high-severity flaws in Data Center Network Manager

Cisco addressed critical and high-severity vulnerabilities affecting its Data Center Network Manager (DCNM) network management platform. Cisco addressed this week some critical and high-severity vulnerabilities impacting its Data Center Network Manager (DCNM) network management platform. One of the most security issues is a critical authentication bypass vulnerability, tracked as CVE-2020-3382. The vulnerability can allow a remote, unauthenticated attacker […]

Pierluigi Paganini February 22, 2019
WhatsApp fixes Face ID and Touch ID authentication bypass

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems. The security feature […]

Pierluigi Paganini January 04, 2019
Flaw in Skype for Android exposes photos and contacts

A security expert found a flaw in Skype for Android that could be exploited by an unauthenticated attacker to view photos and contacts, and even open links in the browser. Security expert Florian Kunushevci (19) discovered a vulnerability that allows an unauthenticated local attacker to view photos and contacts, and also to open links in […]

Pierluigi Paganini April 08, 2018
Auth0 authentication bypass issue exposed enterprises to hack

Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that exposed enterprises to hack. Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application which are using it for authentication. Auth0 implements a token-based authentication model for a […]

  • 1
  • 2
  • 3

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    200 Swedish municipalities impacted by a major cyberattack on IT provider

    Security / August 28, 2025

    TransUnion discloses a data breach impacting over 4.4 million customers

    Data Breach / August 28, 2025

    NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

    Intelligence / August 28, 2025

    UNC6395 targets Salesloft in Drift OAuth token theft campaign

    Hacking / August 28, 2025

    Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

    Hacking / August 27, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT