Tag Archives: Web Security

Permissions Flaw Found Azure AD Connect

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network. 

Read More

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

Read More

Banking Apps Found Vulnerable to MITM Attacks

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.

Read More

Cisco Patches Critical Playback Bugs in WebEx Players

A Cisco Systems security advisory is urging users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code.

Read More

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities.

Read More