Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and … [Read more...] about New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
Bypass
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed … [Read more...] about Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad … [Read more...] about New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed … [Read more...] about Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in … [Read more...] about 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
New PIN Verification Bypass Flaw Affects Visa Contactless Payments
Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly.The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack … [Read more...] about New PIN Verification Bypass Flaw Affects Visa Contactless Payments
Joker Malware Apps Once Again Bypass Google’s Security to Spread via Play Store
Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge.In a report published by Check Point research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store … [Read more...] about Joker Malware Apps Once Again Bypass Google’s Security to Spread via Play Store
Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites.According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google … [Read more...] about Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug
Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system.Yes, we're excited about, but here comes the bad news...iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information.Jose Rodriguez, a Spanish security researcher, contacted The … [Read more...] about Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug
Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
This blog post was authored by Eugenio Iavarone, Cisco PSIRT. On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass authentication on … [Read more...] about Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability