Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs

Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple’s own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection. Known as the ContentFilterExclusionList, the list was Read More …

CISCO says it won’t patch 74 security bugs in older RV routers that reached EOL

Networking equipment vendor Cisco said yesterday it was not going to release firmware updates to fix 74 vulnerabilities that had been reported in its line of RV routers, which had reached end-of-life (EOL). Affected devices include Cisco Small Business RV110W, Read More …

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Read More …

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that Read More …

Investigation launched into vulnerabilities found within US Judiciary case file system

The United States Judiciary has announced an audit into its systems, following concerns its case file system has been compromised. In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Read More …

Windows PsExec zero-day vulnerability gets a free micropatch

A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec Read More …

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by Read More …