CVE-2020-2021: PAN-OS SAML Security Bypass

On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS. An Overview of the Vulnerability Description: With network access to a device running a vulnerable version of PAN-OS and configured to use…

The post CVE-2020-2021: PAN-OS SAML Security Bypass appeared first on TrustedSec.

Continue reading CVE-2020-2021: PAN-OS SAML Security Bypass

M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis

Key Points The information-stealing malware dubbed M00nD3v Logger was recently auctioned off on Hack Forums,  together with HakwEye Reborn.   The threat actor – operating under the alias “M00nD3v” – states that they so… Continue reading M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis

New privacy-preserving SSO algorithm hides user info from third parties

Over the last few decades, as the information era has matured, it has shaped the world of cryptography and made it a varied landscape. Amongst the myriad of encoding methods and cryptosystems currently available for ensuring secure data transfers and u… Continue reading New privacy-preserving SSO algorithm hides user info from third parties

Researchers create tool for protecting children’s online privacy

A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children’s online privacy. Dr. Kanad Basu, assistant professor of electrical and computer engineering in the Erik Jonsson S… Continue reading Researchers create tool for protecting children’s online privacy

New technique protects consumers from voice spoofing attacks

Researchers from CSIRO’s Data61 have developed a new technique to protect consumers from voice spoofing attacks. Fraudsters can record a person’s voice for voice assistants like Amazon Alexa or Google Assistant and replay it to impersonate that i… Continue reading New technique protects consumers from voice spoofing attacks

Analysis of the Top10 Hacktivist Operations

Key Points The most relevant hacktivist operations in the last 12 months were: #OpIceIsis, #OpChile, #OpChildSafety, #OpKillingBay and #OpBeast.  The operation #OpGeorgeFloyd, born after George Floyd was killed by police in Minneapolis in May 2020… Continue reading Analysis of the Top10 Hacktivist Operations

Does a generalization of tracking data cover up our traces on the internet?

Tracking of our browsing behavior is part of the daily routine of internet use. Companies use it to adapt ads to the personal needs of potential clients or to measure their range. Many providers of tracking services advertise secure data protection by … Continue reading Does a generalization of tracking data cover up our traces on the internet?