Three vulnerabilities have been disclosed, including an authentication bypass, command injection, and SQL injection, with one allowing remote execution without authentication.
The attack exploited the lack of proper authentication security when linking a new phone key to a Tesla, allowing an attacker to add a new “Phone Key” and gain unauthorized access to the vehicle.
Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, leading to the creation of hundreds of unauthorized users on unpatched instances.
Multi-factor & Risk-based Authentication , Security Operations Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Mathew J. Schwartz (euroinfosec) • March 1, 2024 Hackers want you to store passwords in browsers. (Image: Shutterstock) Typing passwords is a drag. Ever-helpful browser makers and online services know this and offer to save […]
The Black Basta and Bl00dy ransomware gangs are exploiting a critical authentication bypass vulnerability (CVE-2024-1709) in unpatched ScreenConnect servers to gain admin access and deploy ransomware.
The flaw allows attackers to bypass authentication and access restricted resources on vulnerable devices. The exploitation volume is high, with over 170 distinct IP addresses attempting to exploit the vulnerability.
The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole.
Attackers target user accounts without robust authentication measures, creating new OAuth apps with high privileges to ensure continued access and hide their malicious activities.
A Bluetooth authentication bypass vulnerability, tracked as CVE-2023-45866, allows attackers to connect to Apple, Android, and Linux devices and inject keystrokes to run arbitrary commands.