Security News

Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability
2021-10-19 09:12

Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments. Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management solutions if Secure Boot, BitLocker, and Early Launch Antimalware are enabled, Trusted Boot is correctly signed, and more.

Microsoft fixes Surface Pro 3 TPM bypass with public exploit code
2021-10-19 09:12

Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets, enabling threat actors to introduce malicious devices within enterprise environments. Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management solutions if Secure Boot, BitLocker, and Early Launch Antimalware are enabled, Trusted Boot is correctly signed, and more.

Microsoft asks admins to patch PowerShell to fix WDAC bypass
2021-10-18 13:30

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control enforcements and gain access to plain text credentials. PowerShell is a cross-platform solution that provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

Microsoft shares Windows 11 TPM check bypass for unsupported PCs
2021-10-06 10:27

Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 check and have Windows 11 installed on unsupported systems. Visit the Windows 11 software download page, select "Create tool now", and follow the installation instructions.

iOS 15 launches with 22 documented security patches – including a Face ID bypass using a “3D model”
2021-09-21 18:19

Bypass attacks against Face ID have been announced before, notably by a Vietnamese researcher who claimed in 2017 to be able to get past Face ID using a mask, and by Chinese researchers from cybersecurity company Tencent in 2019, who were able to get around Face ID's "Are you awake?" detection and unlock the device of someone who was asleep. Along with updates for the otherwise brand-new iOS 15, iPadOS 15, tvOS 15 and watchOS 8, the latest security announcements also cover iTunes, macOS, Safari and Apple's Xcode developer tools, as well as iOS 14.8 and iPadOS 14.8.

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released
2021-09-06 03:33

Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models -.

Cisco fixes critical authentication bypass bug with public exploit
2021-09-02 12:14

Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software vulnerability with public proof-of-concept exploit code.CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process which allows unauthenticated, remote attackers to log into unpatched device as an administrator.

Hackers can bypass Cisco security products in data theft attacks
2021-08-19 17:30

Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks. The threat actors can exploit a vulnerability in the Server Name Identification request filtering impacting 3000 Series Industrial Security Appliances, Firepower Threat Defense, and Web Security Appliance products.

Kerberos Authentication Spoofing: Don’t Bypass the Spec
2021-08-18 13:19

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Authentication is the front gate to security systems, so if you bypass it, you can pretty much do whatever you want. For these reasons, the authentication protocols used by security systems must be flawless.

Malware campaign uses clever 'captcha' to bypass browser warning
2021-08-17 15:00

A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.