authentication

Pierluigi Paganini May 03, 2018
CVE-2018-2879 – Vulnerability in Oracle Access Manager can let attackers impersonate any user account

Security researchers have discovered a security vulnerability in Oracle Access Manager that can be exploited by a remote attacker to bypass the authentication and take over the account of any user. Security researcher Wolfgang Ettlinger from SEC Consult Vulnerability Lab has discovered a security vulnerability in Oracle Access Manager that can be exploited by a […]

Pierluigi Paganini January 27, 2018
Hurry up, update your Lenovo Fingerprint Manager Pro if you use Windows 7, 8 and 8.1

Lenovo has fixed a hardcoded password vulnerability in Lenovo Fingerprint Manager Pro affecting a dozen laptop models running Windows 7, 8 and the 8.1 OS. The PC vendor Lenovo has fixed a hardcoded password vulnerability, tracked as (CVE-2017-3762), affecting a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 […]

Pierluigi Paganini January 24, 2018
Less than 10% of Gmail users enabled two-factor authentication

According to Google software engineer Grzegorz Milka, less than 10 percent of its users have enabled two-factor authentication (2FA) for their accounts. The availability of billions of credentials in the criminal underground due to the numerous massive data breaches occurred in the last years makes it easy for crooks to take over users’ accounts. We always […]

Pierluigi Paganini January 17, 2018
How to hack Facebook accounts exploiting CSRF in Oculus app

Facebook has fixed a couple of vulnerabilities that could have been exploited by attackers to hijack accounts by abusing integration with the Oculus virtual reality headset. In March 2014, Facebook founder Mark Zuckerberg announced the acquisition of Oculus VR and included the handsets produced by the company to its bug bounty program. White hat hackers […]

Pierluigi Paganini January 12, 2018
A flaw in macOS High Sierra allows to unlock the App Store Preferences without password

Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by providing any password. Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by […]

Pierluigi Paganini December 31, 2017
WeChat is set to become China’s official electronic ID system

China’s largest social media network, WeChat, is set to become an official electronic ID system in the country, an ID pilot program was launched in Guangzhou’s Nansha District. WeChat  (‘Weixin’ in China) is China’s largest social media network, according to Tencent Holdings, the platform had 980 million monthly active users as of late September. A […]

Pierluigi Paganini November 29, 2017
A bug in macOS High Sierra allows Root access with no password

macOS High Sierra is plagued by a vulnerability that can be exploited to gain root access to a machine with no password. An easy exploitable vulnerability in macOS 10.13, aka macOS High Sierra, could be triggered by users to gain admin rights, or log in as root, without a password. The vulnerability is exploitable via the authentication […]

Pierluigi Paganini November 25, 2017
GOLDEN SAML attack technique forges authentication to cloud apps

Golden SAML could be exploited by an attacker to create fake enterprise identities and access to valuable cloud resources. Security experts at CyberArk Labs have devised a post-intrusion attack technique dubbed Golden SAML that could be exploited by an attacker to create fake enterprise identities and forge authentication to gain access to valuable cloud resources […]

Pierluigi Paganini October 24, 2017
Credentials (UN)Management in home banking.

Introduction Out of the five main information security pillars, namely confidentiality, integrity, availability, authenticity and irrefutability, common users give more attention to the first one. But in real life even though in general people agree with the importance of backup, not many actually implement this security mechanism. What one says and what one do is […]

Pierluigi Paganini October 24, 2017
APNIC Whois-related problem led to accidental exposure of authentication data

APNIC Deputy Director General Sanjaya confirmed that Whois data were accidentally exposed online included authentication details. The Asia-Pacific Network Information Centre (APNIC) is a non-profit organization that provides Internet addressing services in the Asia-Pacific region. The APNIC made the headlines because it was informed about a Whois-related security incident that led to the exposure of […]