Security News

WhatsApp adds proxy support to help bypass Internet blocks
2023-01-05 17:19

Starting today, WhatsApp allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country. The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications.

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
2023-01-05 14:00

According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mixe 'freejacking' with the "Play and Run" technique to abuse free cloud resources. Whereas Sysdig identified 3,200 malicious accounts belonging to 'PurpleUrchin,' Unit 42 now reports that the threat actor has created and used over 130,000 accounts on the platforms since August 2019, when the first signs of its activities can be traced.

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
2022-12-27 14:57

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web protections. "BlueNoroff created numerous fake domains impersonating venture capital companies and banks," security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022.

Ghost CMS vulnerable to critical authentication bypass flaw
2022-12-23 08:12

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [...]

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks
2022-12-22 19:32

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. Similar to Gmail, Xfinity allows customers to configure a secondary email address to be used for account notifications and password resets in the event they lose access to their Xfinity account.

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
2022-12-21 07:41

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution through Outlook Web Access. "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, Erik Iker, and Nicolas Zilio said in a technical write-up published Tuesday.

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems
2022-12-20 05:52

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles, was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

Microsoft finds macOS bug that lets malware bypass security checks
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw is now tracked as CVE-2022-42821.

Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Apple addressed the bug in macOS 13, macOS 12.6.2, and macOS 1.7.2 one week ago, on December 13.

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
2022-12-10 06:18

A new attack method can be used to circumvent web application firewalls of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site forgery, cross-site-scripting, file inclusion, and SQL injection.