Security News

Fileless UAC Bypass Uses Windows Backup and Restore Utility (Threatpost)
2017-03-27 16:13

Researcher Matt Nelson disclosed another Windows UAC bypass, this one abusing the sdclt.exe backup and restore utility to execute a payload without triggering an alert.

Fileless Attack Can Bypass User Account Control in Windows 10 (SecurityWeek)
2017-03-20 20:47

App Paths Used to Bypass User Account Control in Windows 10 (SecurityWeek)
2017-03-19 14:33

Researcher Discloses Google ReCaptcha v2 Bypass (SecurityWeek)
2017-03-03 15:40

Google reCaptcha Bypass Technique Uses Google’s Own Tools (Threatpost)
2017-03-02 12:00

A proof of concept bypass of Google's CAPTCHA verification system uses Google's own web-based tools to pull off the skirting of the system.

Java, Python FTP Injection Attacks Bypass Firewalls (Threatpost)
2017-02-23 14:19

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.

Unpatched Flaws in Python, Java Allow Firewall Bypass (SecurityWeek)
2017-02-21 13:08

App-in-the-Middle Attacks Bypass Android Sandbox: Skycure (SecurityWeek)
2017-02-17 16:53

Researchers bypass ASLR protection with simple JavaScript code (Help Net Security)
2017-02-15 20:41

A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of major operating systems...

Cisco Patches Authentication Bypass in Cisco Prime Home (Threatpost)
2017-02-03 15:23

Cisco patched a critical remote authentication bypass vulnerability in its Prime Home remote management tool used by service providers.