Games Tech

Dark Souls servers taken down following discovery of critical vulnerability

Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players to execute malicious code on the PCs of fellow players. Word of the critical remote-code-execution flaw emerged over the weekend in Reddit threads here and […]

Tech

Minecraft and other apps face serious threat from Log4j code execution bug

A newly discovered vulnerability affecting Java versions of Minecraft makes it possible for miscreants to execute malicious code on servers and end-user devices running the wildly popular game, several websites said on Thursday. And as if a vulnerability of this magnitude in the world’s best-selling game wasn’t serious enough, the breadth […]

Tech

Microsoft reports SIP-bypassing “Shrootless” vulnerability in macOS

The Microsoft 365 Defender Research Team released a blog post yesterday describing a newly found macOS vulnerability that can abuse entitlement inheritance in macOS’s System Integrity Protection (SIP) to allow execution of arbitrary code with root-level privilege. The vulnerability is listed […]

Tech

Apple AirTags can be abused to direct finders to malicious websites

Apple’s AirTags—as seen clipped to a backpack, above—allow users to attempt to find their own device via location rebroadcast from other Apple users. If all else fails, the user can enable a “Lost mode” intended to display their phone number when a finder scans the missing AirTag. (credit: James D. Morgan / Getty […]

Tech

PoC exploit released for Azure AD brute-force bug—here’s what to do

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a “design” […]

Tech

New Azure Active Directory password brute-forcing flaw has no fix

Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker’s actions, let alone the possibility of blocking them. A newly discovered bug in Microsoft Azure’s Active Directory […]

Tech

Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

If you own the right domain, you can intercept hundreds of thousands of innocent third parties’ email credentials, just by operating a standard webserver. Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft’s autodiscover—the protocol which allows automagical configuration of an email account with only the address and […]

Tech

Unpatched macOS vulnerability lets remote attackers execute code

A code execution bug in Apple’s macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn’t fully patched it yet, as tested by Ars.

Those shortcut files can take over your Mac

Independent security researcher Park Minchan has discovered a vulnerability in the […]

Tech

Travis CI flaw exposed secrets of thousands of open source projects

A security flaw in Travis CI potentially exposed secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. However, a vulnerability in the tool made it possible for secure environment […]

Tech

Apple fixes iMessage zero-day exploited by Pegasus spyware

Apple has released several security updates this week to patch a “FORCEDENTRY” vulnerability on iOS devices. The “zero-click, zero-day” vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around […]