Security News
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections.
Apple has removed a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called "ContentFilterExclusionList" and included a list of at least 50 Apple apps - including Maps, Music, FaceTime, the App Store and its software update service.
Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters. Images have also been used for ages as a way to circumvent an email's textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.
A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Synopsys CyRC security researchers revealed this week that an authentication vulnerability they identified in the OpenBSDBcrypt class of the Java cryptography library could be abused to bypass password checks in applications relying on the library.
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.
This week, Mattermost, in coordination with Golang has disclosed 3 critical vulnerabilities within Go language's XML parser. The XML round-trip vulnerabilities listed below lurk in Golang's XML language parser encoding/xml which doesn't return reliable results when encoding and decoding XML input.
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales. Spoofed the sender's domain to make it look like the email comes from Microsoft.