Security News

A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system. There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform.

VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. VMware Carbon Black Cloud Workload is a Linux data center security software designed to protect workloads running in virtualized environments.

Recent Linux kernel updates include patches for a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Symantec reported on Monday that Piotr Krysiuk, a member of its Threat Hunter team, has identified two new vulnerabilities in the Linux kernel that can be exploited to bypass mitigations for the Spectre vulnerabilities.

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device. Cybersecurity firms commonly use headless devices or virtual machines to determine if a website is used for phishing.

Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure, which is designed to improve the security of online credit and debit card transactions. Gemini's security researchers say that vulnerabilities in earlier versions of 3DS could have been exploited to bypass security.

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure protocol used for authorizing online card transactions. 3DS adds a layer of security for online purchases using credit or debit cards.

Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data.

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. Amazon Alexa allows third-party developers to create additional functionality for devices such as Echo smart speakers by configuring "Skills" that run on top of the voice assistant, thereby making it easy for users to initiate a conversation with the skill and complete a specific task.