auth

  • Blog

    Microsoft 365 to block file access via legacy auth protocols by default

    Microsoft has announced that it will start updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. These changes will also address application access permissions that can expose organizations to unnecessary security risks. The rollout is set to begin in mid-July 2025, with an estimated completion date…

  • Blog

    Microsoft confirms auth issues affecting Microsoft 365 users

    Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. As the company revealed earlier today in an incident alert published in the admin center, users may experience errors during self-service password resets and when viewing or registering authentication methods in MySignIns, while admins may be unable to add multi-factor authentication (MFA) sign-in methods to some…

  • Blog

    GitLab patches high severity account takeover, missing auth issues

    GitLab has released security updates to address multiple vulnerabilities in the company’s DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. The company released GitLab Community and Enterprise versions 18.0.2, 17.11.4, and 17.10.8 to address these security flaws and urged all admins to upgrade immediately. “These versions contain important bug and security…

  • Blog

    Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

    Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue. The flaws impact…

  • Blog

    Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

    Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed. Versa Concerto is the centralized management…

  • Blog

    ASUS warns of critical auth bypass flaw in routers using AiCloud

    ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper authentication control vulnerability…

  • Blog

    Hackers exploit WordPress plugin auth bypass hours after disclosure

    Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79, released at the beginning of the month. The OttoKit WordPress plugin allows users to connect plugins and external tools like WooCommerce, Mailchimp, and Google Sheets,…

  • Blog

    Microsoft fixes auth issues on Windows Server, Windows 11 24H2

    Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. According to Redmond, these authentication issues impact both client (Windows 11, version 24H2) and server (Windows Server 2025) platforms, albeit only in some niche scenarios. On affected systems, users experience problems because the passwords aren’t rotating correctly…

  • Blog

    New SuperBlack ransomware exploits Fortinet auth bypass flaws

    A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-55591 on January 14, they confirmed it had been exploited as a zero-day, with Arctic…

  • Blog

    Fortinet discloses second firewall auth bypass patched in January

    Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthermore, even though today’s updated advisory indicates that both flaws were exploited in attacks and even includes a workaround for the new CSF proxy requests exploitation pathway, Fortinet says that only CVE-2024-55591 was…
