Security News

The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. Casbaneiro, also known as Metamorfo and Ponteiro, is best known for its banking trojan, which first emerged in mass email spam campaigns targeting the Latin American financial sector in 2018.

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. As part of today's out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204, a critical Improper Access Control flaw tracked as CVE-2023-38205, and a moderate Improper Access Control flaw tracked as CVE-2023-38206.

Many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks - with 98% indicating better visibility into at-risk applications would significantly improve their security posture. Seemingly innocuous actions like these can inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details.

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites."This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.

An authentication bypass vulnerability in the Arcserve Unified Data Protection enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found - and have released a PoC exploit for it."At this time, Arcserve is not aware of any active attempts to exploit this vulnerability," the company said on Tuesday, when it pushed out fixes for the flaw.

Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection backup software that can let attackers bypass authentication and gain admin privileges.According to the company, Arcserve UDP is a data and ransomware protection solution designed to help customers thwart ransomware attacks, restore compromised data, and enable effective disaster recovery to ensure business continuity.

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. Grafana is a widely used open-source analytics and interactive visualization app that offers extensive integration options with a wide range of monitoring platforms and applications.

Tired of those annoying CAPTCHA images that leave you feeling like you're solving a puzzle just to log in online? Learn how to use Apple's "CAPTCHA killer" feature called Automatic Verification in iOS 16. CAPTCHAs can be quite annoying when you just want to try to create a new account or log in to a website.

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server is the control center for VMware's vSphere suite and a server management solution that helps admins manage and monitor virtualized infrastructure.

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.