Security News
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life. "A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network," Cisco explained in a security advisory issued on Wednesday.
A new phishing-as-a-service toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication - proxifying victim's session," Resecurity researchers said in a Monday write-up.
Resecurity has recently identified a new Phishing-as-a-Service called EvilProxy advertised in the Dark Web. While the incident with Twilio is solely related to the supply chain, cybersecurity risks obviously lead to attacks against downstream targets, the productized underground service like EvilProxy enables threat actors to attack users with enabled MFA on the largest scale without the need to hack upstream services.
A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication. These attacks take advantage of a Microsoft 365 design flaw that allows miscreants to compromise accounts with MFA enabled and achieve persistence in victims' systems by adding a new, compromised, authentication method allowing them to come back at any time.
Active adversaries are increasingly exploiting stolen session cookies to bypass multi-factor authentication and gain access to corporate resources, according to Sophos. "Over the past year, we've seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens," said Sean Gallagher, principal threat researcher, Sophos.
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. Dubbed BugDrop by the Dutch security firm, the dropper app is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims.
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium said in a report shared with The Hacker News.
Some signed third-party bootloaders for the Unified Extensible Firmware Interface could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads. Eclypsium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines.
An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.
Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.A week ago, VMware released updates to address the vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation.