Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Filed under Security Alerts.

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in the BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an…

New Mac Malware Exploits Gatekeeper Bypass Bug that Apple Left Unpatched

Filed under Security Alerts.

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple’s macOS Gatekeeper security feature, details and a PoC for which were publicly disclosed late last month. The Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the Gatekeeper bypass vulnerability to execute untrusted code on macOS…

Android Malware Bypasses 2FA by Stealing One-Time Passwords

Filed under Security Alerts.

Researchers monitoring malware that affects Android devices discovered malicious apps that can steal one-time passwords (OTP) from the notification system. This development bypasses Google’s ban on apps that access SMS and call logs without justification. Google enforced the restriction earlier this year specifically to lower the risk of sensitive permissions where they are not necessary. In theory,…