Critical Aruba ClearPass RCE vulnerability exposes underlying systems

The flaw is classed as an unauthenticated RCE vulnerability in Aruba ClearPass Policy Manager, which acts as a secure access gatekeeper for IoT, BYOD, and guest devices on corporate networks.

Node.js applications open to prototype pollution attacks via legacy function in popular encryption library

A carryover function in the node-forge JavaScript library contains a flaw that could allow attackers to carry out prototype pollution attacks against applications, according to an advisory on GitHub.

New vulnerabilities allow hackers to bypass MFA for Microsoft 365

Critical flaws in MFA implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365, according to Proofpoint.

Mozi Botnet is responsible for most of the IoT Traffic

According to a new report published by IBM, the Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020.

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

The vulnerability resides in the browser's SSDP engine and can be exploited by attackers to target Android phones that have the Firefox app installed and are connected to the same Wi-Fi network as the attacker.

Australian Taxation Office declines to fix code replay flaw within myGovID

The default login option for agents used by the Australian Taxation Office (ATO) is vulnerable to a code replay attack, security researchers Ben Frengley and Vanessa Teague said.

Firefox bug lets you hijack nearby mobile browsers via WiFi

Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same WiFi network and force users to access malicious sites, such as phishing pages.

New Windows Vulnerability Enables Domain Takeover

Researchers lay bare the details for Zerologon, a now-patched Windows vulnerability that could have allowed access to an organization’s Active Directory domain controllers.

Listening To An iPhone With AM Radio

While repairing an old AM radio and listening to a podcast on his iPhone, researcher Doctor Cube discovered that the radio was receiving the audio from his iPhone when tuned to 950-970kHz.

Iranian hacker group developed Android malware to steal 2FA SMS codes

The malware could steal 2FA SMS codes for Google accounts. It also contained vague functionality to do the same for Telegram and various social networks.
