The flaw is classed as an unauthenticated RCE vulnerability in Aruba ClearPass Policy Manager, which acts as a secure access gatekeeper for IoT, BYOD, and guest devices on corporate networks.

A carryover function in the node-forge JavaScript library contains a flaw that could allow attackers to carry out prototype pollution attacks against applications, according to an advisory on GitHub.

Critical flaws in MFA implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365, according to Proofpoint.

According to a new report published by IBM, the Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020.

The vulnerability resides in the SSDP engine of the browser that can be exploited by attackers to target Android phones connected to the same Wi-Fi network as the attacker, with Firefox app installed.

The default login option for agents used by the Australian Taxation Office (ATO) is vulnerable to a code replay attack, security researchers Ben Frengley and Vanessa Teague said.

Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same WiFi network and force users to access malicious sites, such as phishing pages.

Researchers lay bare the details for Zerologon, a now-patched Windows vulnerability that could have allowed access to an organization’s Active Directory domain controllers.

While repairing an old AM radio and listening to a podcast on his iPhone, researcher Doctor Cube discovered that the radio was receiving the audio from his iPhone when tuned to 950-970kHz.

The malware could steal 2FA SMS codes for Google accounts. Also contained vague functionality to do the same for Telegram and various social networks.