#bypass Archives - Alireza Gharib Blog

January 9, 2025

CVE-2024-54010 – Aruba Networking CX 10000 Series Switches ICMP and UDP Packet Forwarding Vulnerability

CVE ID : CVE-2024-54010 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be…

CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence

#attack, #author, #bypass, #cve, #cybersecurity, #data, #security, #un
January 9, 2025

CVE-2024-13189 – ZeroWdd MyBlog Remote File Permission Bypass Vulnerability

CVE ID : CVE-2024-13189 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has…

CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence

#attack, #bypass, #cve, #cybersecurity, #file, #remote, #security, #un
January 9, 2025

SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall urges admins to patch exploitable SSLVPN bug immediately SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual ex … Read more Published Date: Jan 08, 2025 (2 hours, 27 minutes ago) Vulnerabilities has been mentioned in this…

CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence

#bug, #bypass, #cve, #cybersecurity, #go, #management, #security
January 9, 2025

12 Months of Fighting Cybercrime & Defending Enterprises | SentinelLABS 2024 Review

From ransomware repurposed for espionage to increased exploitation of cloud platforms, learn about the key trends from SentinelLABS research in 2024. From the convergence of cybercrime and nation-state espionage to the strategic misuse of trusted platforms like Microsoft Azure and SaaS APIs, the cybersecurity landscape has grown more complex than ever in 2024. SentinelLABS has…

#attack, #azure, #bypass, #innovation, #tech
January 9, 2025

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management

Binarly’s Alex Matrosov and Fabio Pagani present PKfail, a firmware supply-chain security issue affecting major device vendors and hundreds of device models. Modern computing heavily relies on establishing and maintaining trust, which begins with trusted foundations and extends through operating systems and applications in a chain-like manner. This ensures that end users can confidently rely…

#attack, #author, #bypass, #secure, #tech
January 9, 2025

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. Executive Summary SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. We assess with high confidence that the same actor is responsible for earlier attacks attributed to BlueNoroff and the RustDoor/ThiefBucket and RustBucket campaigns.…

#attack, #author, #browser, #bypass, #tech
January 9, 2025

ZDI Threat Hunting 2024: Highlights, Trends, & Challenges

Reflecting on 2024, it has been an eventful year for the Zero Day Initiative Threat Hunting team. Throughout the year, we identified numerous threat actor campaigns exploiting zero-day vulnerabilities, uncovered additional variants of these vulnerabilities, and discovered even more vulnerabilities through our in-the-wild research. In this blog, we will highlight some of the key achievements…

Cybersecurity, Security, Vulnerabilities

#82, #attack, #browser, #bypass, #cybersecurity, #security, #tech, #zero_day
January 8, 2025

Zloader Banking a new Malware attack can be bypass Microsoft Signature Verification.

A ZLoader malware campaign is exploiting a nine-year-old flaw in Microsoft’s digital signature verification to steal credentials and sensitive information using remote monitoring tools. According to Check Point Research, which has been tracking the sophisticated infection chain since November 2021, it has been attributed to a cybercriminal group dubbed MalSmoke, citing similarities with previous attacks.…

CyberCrime, CyberManiac, Cybersecurity, Cybersecurity awareness, Security Awareness, Threat Intelligence

#attack, #bypass, #cyber-crime, #cyber-crime-news, #malware, #microsoft

Tag: #bypass