Security News

F-Secure Patches Old AV Bypass Vulnerability
2020-02-18 15:37

A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives. The patched issue is actually over a decade old - it was initially detailed in 2009 by security researcher Thierry Zoller - and resides in an anti-virus application's inability to scan a compressed archive that a user can access.

TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
2020-02-03 12:15

The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs team said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent user account control and deliver malware in recent samples of TrickBot, according to a report released last week.

Live Webinar | Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures
2020-01-20 15:04

Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks. Targeted attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management.

Update now! Popular WordPress plugins have password bypass flaws
2020-01-16 13:47

Researchers have discovered password bypass vulnerabilities affecting two WordPress plugins from a publisher called Revmakx. The first vulnerable plugin is RevMakx's InfiniteWP Client, a tool that allows admins to manage multiple WordPress sites from the same interface.

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
2019-12-10 01:28

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus...

OpenBSD devs patch authentication bypass bug
2019-12-06 11:31

One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
2019-12-05 03:31

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type...

Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
2019-10-17 14:25

The flaws in the container technology, CVE-2019-16276 and CVE-2019-11253, are simple to exploit.

iPhone lockscreen bypass: iOS 13 tricked into showing your contacts
2019-09-16 11:43

This time, José Rodríguez came up with a way to trick the iOS 13 beta into showing its address book without the need to unlock the screen.

iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
2019-09-13 19:15

Apple will not fix the glitch until the release of iOS 13.1 later in September.