Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber …
Bypass
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), …
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of …
New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and …
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed …
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad …
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed …
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in …
New PIN Verification Bypass Flaw Affects Visa Contactless Payments
Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV-enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The research, published by a group of academics from ETH Zurich, is a PIN bypass attack …
Joker Malware Apps Once Again Bypass Google’s Security to Spread via Play Store
Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users to premium services without their knowledge. In a report published by Check Point Research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store …