Tag

Saml

All articles tagged with #saml

GitHub Patches Critical Authentication Bypass in Enterprise Server
technology, 1 year ago

GitHub has patched a critical security flaw in its Enterprise Server software that scored a 10 out of 10 on the CVSS severity scale. The vulnerability, identified as CVE-2024-4985, affects instances using SAML single sign-on with encrypted assertions, allowing attackers to gain full admin access. The issue impacts versions prior to 3.13.0, and GitHub learned about it through its bug bounty program, potentially rewarding the discoverer up to $30,000 or more.

"Ivanti Issues Patches for Active Zero-Day Exploits in Connect Secure VPN"
cybersecurity, 2 years ago

Ivanti has warned of two new vulnerabilities affecting its Connect Secure, Policy Secure, and ZTA gateways, including a zero-day bug (CVE-2024-21893) being actively exploited, allowing attackers to bypass authentication and access restricted resources. Another flaw (CVE-2024-21888) enables threat actors to escalate privileges to those of an administrator. Patches and mitigation measures have been released, with over 460 compromised devices discovered on January 30 alone. The vulnerabilities have been exploited in widespread attacks targeting government, military, telecom, finance, and tech organizations, with custom malware strains deployed to steal credentials and drop additional malicious payloads.