New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites – Tempemail

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for “Application

Shifting the focus from reactive to proactive, with human-led secure coding – Tempemail

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction.

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices – Tempemail

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye’s Mandiant threat intelligence team, which is tracking the cyberespionage activity under two

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN – Tempemail

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. “Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse

Is Single Sign-On Enough to Secure Your SaaS Applications? – Tempemail

If there’s one thing all great SaaS platforms share in common, it’s their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don’t have to remember separate passwords for

Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack – Tempemail

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns “multiple use after free” issues in

Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations – Tempemail

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been

Facebook data leak: Australians urged to check and secure social media accounts | Facebook

Australians are being urged to secure their social media accounts after the details of more than 500 million global Facebook users were found online in a massive data breach. The details published freely online included names, phone numbers, email addresses, account IDs and bios. In a statement, Facebook said the

Learn How to Manage and Secure Active Directory Service Accounts – Tempemail

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and ultimately, applications in the