Security News
Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, particularly in the context of the network security appliances where they were found. The Adaptive Security Appliance range - Cisco's fancy term for a firewall - is host to 11 of the bug fixes.
The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. Salt is a tool from SaltStack which has both commercial and open source editions.
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client can be exploited to bypass security controls, but Microsoft says it will not release a patch because exploitation requires elevated privileges. An attacker who can replace the legitimate DLL can use the flaw to bypass security controls such as AppLocker, which is designed to help users control which apps and files can be run.
New research has found that it's possible to use 3D printing technology to create "fake fingerprints" that can bypass most fingerprint scanners used by popular devices. Cisco Talos today published new research on how these scanners can be defeated using technologies such as 3D printing, and on the security of fingerprint scanners in general.
Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.
Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.
Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple's iOS mobile operating system that prevents VPN applications from encrypting all traffic. When a VPN is used, the device's operating system should close all existing internet connections and reestablish them through a VPN tunnel to protect the user's data and privacy.
Over the coming weeks, a new alternative routing feature will become available across all of the ProtonMail and ProtonVPN mobile and desktop applications, the company says. "While we have largely been able to overcome censorship and attacks, it's imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services," Proton says.
A threat actor - likely a state-sponsored cyberespionage group - has used a sophisticated technique to allow a piece of malware hosted on a server to communicate with command and control servers through a firewall. It's unclear exactly how the attackers planted the malware, but researchers believe they may have accessed the server through a dictionary attack on an exposed SSH port.
A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives. The patched issue is actually over a decade old - it was initially detailed in 2009 by security researcher Thierry Zoller - and resides in an anti-virus application's inability to scan a compressed archive that a user can access.