Security News

Mozilla Offering Rewards for Bypassing Firefox Exploit Mitigations
2020-08-21 12:58

Mozilla announced on Thursday that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features and defense-in-depth measures in Firefox. Mozilla says mitigation bypasses have until now been classified as low- or moderate-severity issues, but they are now eligible for a reward associated with a high-severity flaw as part of the new Exploit Mitigation Bug Bounty.

Week in review: MacOS ransomware, attackers bypassing WAFs, how to select a SIEM solution
2020-07-05 13:10

How do I select a SIEM solution for my business?To select an appropriate SIEM solution for your business, you need to think about a variety of factors. New EvilQuest macOS ransomware is a smokescreen for other threatsA new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.

Week in review: EasyJet breach, shadow IT risks, phishers bypassing Office 365 MFA
2020-05-24 07:00

Over half of security leaders still rely on spreadsheetsSenior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow ITAs cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.

Cisco Research Shows High Success Rate in Bypassing Fingerprint Authentication
2020-04-08 13:38

Cisco has conducted a research project on bypassing fingerprint authentication systems and it achieved a success rate of roughly 80 percent, but the company's experts were unsuccessful against Windows devices. In the case of mobile phones, the researchers bypassed fingerprint authentication on a majority of devices.

Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption
2020-01-17 08:34

Police Scotland to roll out encryption bypass technology, as one publication reported this week, causing some Register readers to silently mouth: what the hell? "The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident," the Scottish cops say of the program.

Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should
2020-01-15 00:15

A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software. The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.

Chinese Hackers Bypassing Two-Factor Authentication
2019-12-26 12:19

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their...

Hackers bypassing some types of 2FA security FBI warns
2019-10-11 11:13

Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies.

FBI: Cybercriminals Are Bypassing Multifactor Authentication
2019-10-09 14:48

Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA ProtectionsThe FBI is warning banks, businesses and other organizations that cybercriminals are using social...

Bypassing Apple FaceID's Liveness Detection Feature
2019-08-15 11:19

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked:...