Security News

US Treasury: Russia may bypass sanctions using ransomware payments
2022-03-09 16:41

The Treasury Department's Financial Crimes Enforcement Network warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine. FinCEN said that it's critical to "identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence."

Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures
2022-02-28 02:01

Cybersecurity researchers have managed to build a clone of Apple AirTag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive published last week.

Microsoft fixes Defender flaw letting hackers bypass antivirus scans
2022-02-11 00:20

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that the malicious payload would be detected and neutralized.

Phishing kits that bypass MFA protection are growing in popularity
2022-02-04 11:39

The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.

Low-Detection Phishing Kits Increasingly Bypass MFA
2022-02-03 22:10

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
2022-01-21 19:25

Details of how the crooks pulled off the attack aren't given in the report, which says simply that "transactions were being approved without the 2FA authentication control being inputted by the user." What the report doesn't explain, or even mention, is whether 2FA codes were entered by someone - albeit not by customers themselves - in order to authorise the fraudulent withdrawals, or whether the 2FA part of the authentication process was somehow bypassed entirely.

Box 2FA Bypass Opens User Accounts to Attack
2022-01-19 18:30

Clearly, the stakes are high - gaining access to a Box account could give cyberattackers access to a vast array of sensitive documents and data for both individuals and organizations. When a user goes to log on with his or her credentials, Box generates the cookies and the user is asked to navigate to an SMS verification page, where the person is instructed to enter a one-time passcode sent to an enrolled mobile phone.

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
2022-01-18 06:40

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News.

Zoho patches new critical authentication bypass in Desktop Central
2022-01-17 18:04

Zoho has addressed a new critical severity vulnerability that affects the company's Desktop Central and Desktop Central MSP unified endpoint management solutions. ManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.

Microsoft Defender weakness lets hackers bypass malware detection
2022-01-13 18:08

Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. Like any antivirus solution, Microsoft Defender lets users add locations on their systems that should be excluded from malware scans.