ZDNet

OpenBSD patches authentication bypass, privilege escalation vulnerabilities

OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass. OpenBSD is an open source Unix operating system based on Berkeley ...
Threat Post

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services ...
ZDNet

'Skeleton Key' malware unlocks corporate networks

The newly-discovered "Skeleton Key" malware is able to circumvent authentication on Active Directory systems, according to Dell researchers. The Dell SecureWorks Counter Threat Unit (CTU) team ...
Threat Post

Netgear Authentication Bypass Allows Router Takeover

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. Netgear has patched three ...
Bleeping Computer

Exploit released for critical VMware SSH auth bypass vulnerability

Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network ...
Bleeping Computer

Hackers target new MOVEit Transfer critical auth bypass bug

Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer ...
Dark Reading

GitLab Warns of Max Severity Authentication Bypass Bug

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.