Security News

Grafana warns of critical auth bypass due to Azure AD integration
2023-06-24 15:18

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. Grafana is a widely used open-source analytics and interactive visualization app that offers extensive integration options with a wide range of monitoring platforms and applications.

How to bypass CAPTCHAs online with Safari on iOS 16
2023-06-22 19:00

Tired of those annoying CAPTCHA images that leave you feeling like you're solving a puzzle just to log in online? Learn how to use Apple's "CAPTCHA killer" feature called Automatic Verification in iOS 16. CAPTCHAs can be quite annoying when you just want to try to create a new account or log in to a website.

VMware fixes vCenter Server bugs allowing code execution, auth bypass
2023-06-22 16:07

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server is the control center for VMware's vSphere suite and a server management solution that helps admins manage and monitor virtualized infrastructure.

New phishing and business email compromise campaigns increase in complexity, bypass MFA
2023-06-13 22:15

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.

Vivaldi is spoofing Edge Browser to bypass Bing Chat restrictions
2023-06-08 22:24

The Vivaldi Browser is now spoofing Microsoft Edge on Android devices starting today to bypass browser restrictions Microsoft placed in Bing Chat. Since Microsoft released its Bing Chat, they have restricted it so users can only use it on the Microsoft Edge Browser.

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
2023-06-01 12:16

Researchers have discovered a novel attack on the Python Package Index repository that employs compiled Python code to sidestep detection by application security tools. PYC files are compiled bytecode files that are generated by the Python interpreter when a Python program is executed.

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
2023-05-31 11:57

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. "The most straight-forward implication of a SIP bypass is that an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra said.

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
2023-05-30 19:20

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection to install "Undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control security checks. Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.

D-Link fixes auth bypass and RCE flaws in D-View 8 software
2023-05-25 16:57

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.

CISA warns of Samsung ASLR bypass flaw exploited in attacks
2023-05-19 19:07

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection. The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.