security bypass – WindowsTechs.com

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Posted on July 12, 2023 by Paul Ducklin

Here’s a brief reminder to do two things. The first is to patch. The second is to read up why it’s a good idea to patch…
Continue reading Microsoft patches four zero-days, finally takes action against crimeware kernel drivers→

Serious Security: Learning from curl’s latest bug update

Posted on May 12, 2022 by Paul Ducklin

Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world. Continue reading Serious Security: Learning from curl’s latest bug update→

Windows “PetitPotam” network attack – how to protect against it

Posted on July 26, 2021 by Paul Ducklin

A cute name but an annoying and potentially damaging attack. Here’s what to do. Continue reading Windows “PetitPotam” network attack – how to protect against it→

Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks

Posted on November 12, 2020 by Tara Seals

Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations. Continue reading Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks→

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Posted on July 16, 2020 by Tara Seals

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices. Continue reading Amazon-Themed Phishing Campaigns Swim Past Security Checks→

No password required! “Sign in with Apple” account takeover flaw patched

Posted on June 1, 2020 by Paul Ducklin

A bug bounty hunter found a way to login using “Sign in with Apple”… but without the part where you have to put in a password. Continue reading No password required! “Sign in with Apple” account takeover flaw patched→

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

Posted on June 3, 2019 by Tom Spring

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Majove, despite mitigations. Continue reading MacOS Zero-Day Allows Trusted Apps to Run Malicious Code→

Phone fingerprint scanner fooled by chewing gum packet

Posted on April 23, 2019 by Paul Ducklin

A video has surfaced claiming to show someone unlocking a Nokia 9 by tapping a gum packet against the fingerprint scanner. Continue reading Phone fingerprint scanner fooled by chewing gum packet→

Adobe Reader and Acrobat Get Patches for Two Critical Flaws

Posted on January 4, 2019 by Lucian Constantin

Adobe Systems released new security patches for Adobe Reader and Acrobat to fix two critical vulnerabilities that could allow hackers to execute malicious code on computers. Both flaws were reported privately by external researchers through Trend Micr… Continue reading Adobe Reader and Acrobat Get Patches for Two Critical Flaws→

MacOS Mojave Fixes Flaws, Yet Privacy Feature Can Be Bypassed

Posted on September 26, 2018 by Lucian Constantin

Apple’s new macOS Mojave (10.14) fixes eight vulnerabilities in the kernel and various other components. However, researchers have already found a way to bypass one of its new privacy features that restricts access to certain folders containing … Continue reading MacOS Mojave Fixes Flaws, Yet Privacy Feature Can Be Bypassed→