Articles tagged with: #2fa
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

Cyber Security News cybersecuritynews.com

A critical vulnerability in Zyxel's ATP and USG series firewalls allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading of configs even during the two-factor authentication (2FA) process. Disclosed on August 14, 2025, the

Is SSO not a good security practice?

cybersecurity www.reddit.com

A friend of mine said that SSO (Single Sign-On) is actually convenient but it is also a security risk. The reason is that if your master account is compromised, then all the apps connected to SSO will also be compromised. The second reason is malware attacks such as cookie stealers or session hijacking: since SSO allows permanent cookie usage, the attacker might use this security risk to easily gain access to your account (Google, Facebook, Microsoft, etc.) without requiring a password or 2FA...

Future proof password length discussion

cybersecurity www.reddit.com

If you must set a unique password (not dictionary) today for an important account and not update it for the next 20-30 years, assuming: we still use passwords; you are a public figure; no 2FA but there are also no previous leaks, no phishing, no user error, no malware on device that force a password update; computing power (including AI super intelligence and quantum computers) keeps improving; the password will be stored in a password manager. What password length (randomly generated using upper and...

InfoSec News Nuggets 10/15/2025

AboutDFIR – The Definitive Compendium Project aboutdfir.com

New Pixnapping Attack Steals Signal Messages and 2FA Codes from Android Devices: A new Android attack dubbed Pixnapping allows malicious apps to covertly capture sensitive data rendered on users' screens, including Signal messages, one-time 2FA codes, emails, location history, and financial information, without requiring a single permission. The attack affects nearly all modern Android phones

New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds

Cyber Security News cybersecuritynews.com

Pixnapping is a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including two-factor authentication (2FA) codes from Google Authenticator in under 30 seconds. This exploit leverages Android's core APIs and a hardware vulnerability in graphics processing units (GPUs), affecting nearly all modern Android phones without requiring special permissions, researchers

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

The Hacker News thehackernews.com

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data pixel-by-pixel without the users' knowledge. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of