Security News
Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. [...]
Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years. The research focused on ways to bypass Windows SmartScreen and Smart App Control, the go-to built-in protections against running potentially nasty software downloaded from the web in Windows 8 and 11 respectively.
Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. If the file is not listed, SmartScreen will prevent the file from being executed and show a warning.
A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...]
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system."ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network," Microsoft's threat analysts explained.
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Ransomware groups have focused on creating lockers dedicated to encrypting ESXi VMs rather than targeting specific ESXi vulnerabilities that would provide them a quicker way of acquiring and maintaining access to a victim's hypervisors.
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot "Master key"-also known as Platform Key-generated by American Megatrends International, which was tagged as "DO NOT TRUST" and that upstream vendors should've replaced with their own securely generated keys.
A critical-severity Docker Engine vulnerability may be exploited by attackers to bypass authorization plugins via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," Docker Senior Security Engineer Gabriela Georgieva explained.
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins under specific circumstances. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," the Moby Project maintainers said in an advisory.
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under...