Qantas fixed a bug with its app which allowed some passengers to view the flight details and names of other passengers. The company assures users that the bug was not due to a cybersecurity incident but rather a "technology issue." No additional personal information or financial information was shared.
Panda Restaurant Group experienced a data breach in March, leading to the theft of associates' personal information. The breach affected corporate systems but not in-store operations or guest experience. The company is offering affected individuals credit monitoring services and advises vigilance against identity theft.
A 9.9 severity vulnerability in the WordPress Automatic plugin was disclosed in March. The vulnerability is a SQL injection that could allow unauthenticated attackers to create admin accounts and take over a WordPress site. WPScan has logged more than 5 million attempts to exploit the vulnerability since disclosure.
An exploration of the BlackBerry MDM solution. It walks through the process of reverse engineering the BlackBerry MDM client and uncovers several flaws in the authentication scheme. The vulnerabilities were reported to and dismissed by BlackBerry.
This blog post discusses using password spraying to gain access to Microsoft 365 accounts during red team engagements. It highlights the importance of avoiding account lockouts and of using tools like Fireprox for successful password spraying. The approach involves testing methodologies, being mindful of client communications, and exploiting MFA gaps for initial access.
This blog post details how the now-retired domain code.microsoft.com was turned into a honeypot by Microsoft to collect threat intelligence on malicious activities targeting its infrastructure. By repurposing the dangling subdomain, Microsoft was able to attract and monitor attackers, gaining valuable insights to enhance its security measures. The honeypot successfully detected and mitigated a potential malware hosting incident in 2021.
The Kubenomicon is a collection of offensive security techniques for Kubernetes clusters. It's heavily inspired by the Microsoft Kubernetes Threat Matrix.
A post from the maintainer of the webauthn-rs library on why they believe that passkeys will ultimately fail. The author lays out their original hopes for webauthn and why we failed to get there. Reasons for the failure of passkeys include corporations acting in their own self-interest, anti-open source behaviors, and messy implementations ruining the user experience around passkeys.
This blog post talks about how MFA, or multifactor authentication, is facing challenges with phishing attacks and session hijacking. Attacks on MFA factors like passwords and OTPs can compromise user security. Organizations need to prioritize stronger authentication methods to protect against evolving threats.
The ArcaneDoor espionage tool is an example of state-sponsored actors targeting perimeter network devices from multiple vendors. It exploits two vulnerabilities, CVE-2024-20353 and CVE-2024-20359, and is not limited to Cisco devices. The authors recommend bolstering perimeter security and adopting robust security practices to prevent these types of attacks.
CISA and the FBI advise software companies to fix path traversal vulnerabilities before releasing products to prevent attackers from exploiting file manipulation for malicious purposes.
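To show what "fixing path traversal before release" looks like in practice, here is an added example (not code from the CISA/FBI advisory or from any product it names) that places the classic vulnerable join beside a hardened version. The base directory and the request paths are constructed for illustration; the hardened function canonicalises the candidate path and then verifies it still lies inside the base directory, rejecting `../` escapes, absolute paths and inputs that cannot be resolved at all.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed base directory for the example; a real application would use
# its own configured document root.
BASE_DIR = "/srv/app/public"


def unsafe_resolve(base_dir: str, user_path: str) -> Path:
    """Vulnerable pattern: untrusted input is joined directly onto the base.

    os.path.join discards the base entirely when user_path is absolute, and
    '../' segments walk out of base_dir, so the result is attacker-controlled.
    """
    return Path(os.path.join(base_dir, user_path))


def safe_resolve(base_dir: str, user_path: str) -> Optional[Path]:
    """Hardened pattern: canonicalise, then check containment.

    Returns the resolved path when it is inside base_dir (or base_dir itself),
    and None when the request escapes; the caller should answer 400/404 rather
    than touch the filesystem. resolve() also follows symlinks, so a link that
    points outside the document root is rejected as well.
    """
    try:
        base = Path(base_dir).resolve()
        candidate = (base / user_path).resolve()
    except (OSError, ValueError):
        # e.g. an embedded NUL byte or a path too long to canonicalise
        return None
    if candidate == base or base in candidate.parents:
        return candidate
    return None


def classify(base_dir: str, user_path: str) -> str:
    """Label a request path for logging or a unit test: 'allowed' or 'rejected'."""
    return "allowed" if safe_resolve(base_dir, user_path) is not None else "rejected"


if __name__ == "__main__":
    # Constructed request paths covering the normal case and the escape cases.
    for req in ["css/site.css", "../public/index.html", "../../etc/passwd",
                "/etc/passwd", "img/..\x00/secret"]:
        print(f"{req!r:28} unsafe={unsafe_resolve(BASE_DIR, req)!s:36} safe={classify(BASE_DIR, req)}")
```

Note that `"../public/index.html"` is allowed: after canonicalisation it lands back inside the base directory, which is the correct outcome and the reason containment is checked on the resolved path rather than by scanning the raw string for `..`.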