System Integrity | Breaking Cybersecurity News | The Hacker News

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control," the company said in an advisory released Wednesday. "A successful exploit of this vulnerability could allow an attacker to gain unauthorized access to user or admin accounts in the system." The shortcoming, which is yet to be assigned a CVE identifier, carries a CVSS score of 9.4 out of a maximum of 10.0. It affects MiVoice MX-ONE versions from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14). Patches for the issue have been made available in MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE versions 7.8 and 7.8 SP1, respectively. Customers using M...

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News. The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process ( CVE-2024-21302 and CVE-2024-38202 ) that could be weaponized to rollback an up-to-date Windows software to an older version containing unpatched security vulnerabilities. The exploit materialized in the form of a tool dubbed Windows Downdate, which, per Leviev, could be used to hijack the Windows Update process to craft fully undetectable, persistent, and irreversible downgrades on...