Network World

Easy-to-exploit authentication bypass flaw puts Netgear routers at risk

For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it’s still not done. While Netgear has worked to fix the issue, the ...
Bleeping Computer

DoubleDoor Botnet Chains Exploits to Bypass Firewalls

Crooks are building a botnet that for the first time is bundling two exploits together in an attempt to bypass enterprise firewalls and infect devices. Discovered by researchers from NewSky Security, ...
Bleeping Computer

VMware warns of public exploit for critical auth bypass vulnerability

Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges. A week ...
Dark Reading

Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs

Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products.
CSOonline

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for ...
Network World

JavaScript-based ASLR bypass attack simplifies browser exploits

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors ...