Security News

20% of malware attacks bypass antivirus protection
2023-07-13 04:00

Many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks - with 98% indicating better visibility into at-risk applications would significantly improve their security posture. Seemingly innocuous actions like these can inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details.

SonicWall warns admins to patch critical auth bypass bugs immediately
2023-07-12 20:08

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites."This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
2023-06-29 11:08

An authentication bypass vulnerability in the Arcserve Unified Data Protection enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found - and have released a PoC exploit for it."At this time, Arcserve is not aware of any active attempts to exploit this vulnerability," the company said on Tuesday, when it pushed out fixes for the flaw.

Exploit released for new Arcserve UDP auth bypass vulnerability
2023-06-28 20:50

Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection backup software that can let attackers bypass authentication and gain admin privileges.According to the company, Arcserve UDP is a data and ransomware protection solution designed to help customers thwart ransomware attacks, restore compromised data, and enable effective disaster recovery to ensure business continuity.

Grafana warns of critical auth bypass due to Azure AD integration
2023-06-24 15:18

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. Grafana is a widely used open-source analytics and interactive visualization app that offers extensive integration options with a wide range of monitoring platforms and applications.

How to bypass CAPTCHAs online with Safari on iOS 16
2023-06-22 19:00

Tired of those annoying CAPTCHA images that leave you feeling like you're solving a puzzle just to log in online? Learn how to use Apple's "CAPTCHA killer" feature called Automatic Verification in iOS 16. CAPTCHAs can be quite annoying when you just want to try to create a new account or log in to a website.

VMware fixes vCenter Server bugs allowing code execution, auth bypass
2023-06-22 16:07

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server is the control center for VMware's vSphere suite and a server management solution that helps admins manage and monitor virtualized infrastructure.

New phishing and business email compromise campaigns increase in complexity, bypass MFA
2023-06-13 22:15

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.

Vivaldi is spoofing Edge Browser to bypass Bing Chat restrictions
2023-06-08 22:24

The Vivaldi Browser is now spoofing Microsoft Edge on Android devices starting today to bypass browser restrictions Microsoft placed in Bing Chat. Since Microsoft released its Bing Chat, they have restricted it so users can only use it on the Microsoft Edge Browser.

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
2023-06-01 12:16

Researchers have discovered a novel attack on the Python Package Index repository that employs compiled Python code to sidestep detection by application security tools. PYC files are compiled bytecode files that are generated by the Python interpreter when a Python program is executed.