Articles tagged with: #authentication
CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day

Cyber Security News cybersecuritynews.com

A widespread campaign has been observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882. First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web shells, and exfiltrate sensitive data from internet-exposed EBS instances. CrowdStrike assesses with moderate confidence that

Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass - PoC Released

Cyber Security News cybersecuritynews.com

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to Rapid7, the exploit chain combines two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, to achieve unauthenticated remote code

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

The Hacker News thehackernews.com

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions

Cloud Security Alliance cloudsecurityalliance.org

Written by Ken Huang, CEO at DistributedApps.ai, and Jerry Huang, Engineering Fellow, Kleiner Perkins. Abstract: AI agents used in e-commerce necessitate secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudiable accountability. The Agent Payments Protocol (AP2) [1], an open extension to Agent2Agent (A2A) [2] and Model Context Protocol (MCP) [3], introduces Verifiable Credentials (VCs) in the form of crypto

PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability

Cyber Security News cybersecuritynews.com

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available. CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects

Who's Wearing? Ear Canal Biometric Key Extraction for User Authentication on Wireless Earbuds

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02563v1 Announce Type: new Abstract: Ear canal scanning/sensing (ECS) has emerged as a novel biometric authentication method for mobile devices paired with wireless earbuds. Existing studies have demonstrated the uniqueness of ear canals by training and testing machine learning classifiers on ECS data. However, implementing practical ECS-based authentication requires preventing raw biometric data leakage and designing computationally efficient protocols suitable for...

Apply Bayes Theorem to Optimize IVR Authentication Process

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02378v1 Announce Type: new Abstract: This paper introduces a Bayesian approach to improve Interactive Voice Response (IVR) authentication processes used by financial institutions. Traditional IVR systems authenticate users through a static sequence of credentials, assuming uniform effectiveness among them. However, fraudsters exploit this predictability, selectively bypassing strong credentials. This study applies Bayes' Theorem and conditional probability modeling to evaluate fraud...

Learning Terraform in Azure as a Security Admin - Feedback Welcome

cybersecurity www.reddit.com

Hey everyone, Firstly, this is probably shit so bear with me. I've got just over 1 year of experience in security, mainly as a Security Admin in Azure. Recently, I decided to spend some time learning Terraform and applying it to a personal project. What I did: • Provisioned an Ubuntu VM in Azure using Terraform. • Configured SSH key-based authentication and disabled password logins. • Set up UFW on the VM and an Azure NSG for network-level firewalling. • Installed and configured Nginx,...

Setting up a custom Auth Flow with Foundry

CrowdStrike www.reddit.com

Does anyone have experience setting up an integration with a custom auth schema? For reference, I'm trying to get the Akamai WAF template that CS provides OOTB working, but since Akamai only accepts authentication via EdgeGrid and not basic or oauth2, the app breaks when I try to run it. I've tried using functions as a workaround with python, but I get an error saying "the function is too complex". Am I missing something or is this template just deprecated? submitted by /u/Xboxecho123 [link]...

Authentication Security of PRF GNSS Ranging

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02196v1 Announce Type: new Abstract: This work derives the authentication security of pseudorandom function (PRF) GNSS ranging under multiple GNSS spoofing models, including the Security Code Estimation and Replay (SCER) spoofer. When GNSS ranging codes derive from a PRF utilizing a secret known only to the broadcaster, the spoofer cannot predict the ranging code before broadcast. Therefore, PRF ranging can be used to establish trust in the GNSS pseudoranges and the resulting...

Raise3D Pro2 Series 3D Printers

All CISA Advisories www.cisa.gov

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Raise3D Equipment: Pro2 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could result in data exfiltration and compromise of the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following firmware versions of the Raise3D Pro2 Series printers are affected: Pro2 Series: All Versions 3.2...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

All CISA Advisories www.cisa.gov

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-6278 GNU Bash OS Command Injection Vulnerability CVE-2015-7755 Juniper ScreenOS Improper Authentication Vulnerability CVE-2017-1000353 Jenkins Remote Code Execution Vulnerability CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability These types of vulnerabilities...

Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details

Cyber Security News cybersecuritynews.com

A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google's brand reputation, crafting convincing recruitment emails that direct victims to fraudulent login portals designed to capture authentication details. The attack

DeepProv: Behavioral Characterization and Repair of Neural Networks via Inference Provenance Graph Analysis

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.26562v1 Announce Type: new Abstract: Deep neural networks (DNNs) are increasingly being deployed in high-stakes applications, from self-driving cars to biometric authentication. However, their unpredictable and unreliable behaviors in real-world settings require new approaches to characterize and ensure their reliability. This paper introduces DeepProv, a novel and customizable system designed to capture and characterize the runtime behavior of DNNs during inference by using their...

LG Innotek Camera Multiple Models

All CISA Advisories www.cisa.gov

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: LG Innotek Equipment: Camera Models LND7210 and LNV7210R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following models of LG Innotek CCTV Cameras are affected: LG LND7210: All...