18 matches found
ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability
Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...
ZKSecurity BIO 3.0.5.0_R Privilege Escalation Vulnerability
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0_R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...
ZKSecurity BIO 4.1.2 SQL Injection / Code Execution
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurityV50004.1.2 Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection with a plus: RCE CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton...
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0_R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...
Samsung Pass licensing issue vulnerability
Samsung Pass is a secure and easy way to log in to websites and applications on cell phones using biometric technology from Samsung of South Korea. An authorization issue vulnerability exists in versions prior to Samsung Pass 4.0.00.33, which stems from improper authorization. An attacker could us...
Nationwide Facial Recognition Ban Proposed By Lawmakers
Lawmakers have proposed legislation that would indefinitely ban the use of facial recognition technology by law enforcement nationwide. The new bill comes after months of public concerns surrounding facial recognition’s implications for data privacy, government surveillance and racial bias. The...
The passwordless present: Will biometrics replace passwords forever?
When it comes to securing your sensitive, personally identifiable information against criminals who can engineer countless ways to snatch it from under your nose, experts have long recommended the use of strong, complex passwords. Using long passphrases with combinations of numbers, letters, and...
Go passwordless to strengthen security and reduce costs
We all know passwords are inherently unsecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...
White House Facial Recognition Pilot Raises Privacy Alarms
Privacy advocates are up in arms after the Department of Homeland Security unveiled a facial recognition pilot program for surveilling public areas surrounding the White House. The program, outlined last week, will use biometrics to confirm the identity of various U.S. Secret Service USSS...
New Boom in Facial Recognition Tech Prompts Privacy Alarms
Somewhat quietly over the past couple of years there has been a flurry of breakthroughs in biometric technology, led by some leapfrog advances in facial recognition systems. Now facial recognition appears to be on the verge of blossoming commercially, with security use-cases paving the way. Last...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Anviz AIM CrossChex Standard 4.3 - CSV Injection Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on...
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Summary Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc. devices, CrossChex Standard integrates intelligent management of time attendance and relevant functions of access control. It has been widely used in many office buildin...
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Summary: Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc...
Doctor Implanted 6 MicroChips Under His Skin to Unlock Doors and Secure Data
Biohacking could be the next big thing in this smart world. At the beginning of this month, several dozen employees of Three Square Market (32M) received microchip implants in their hands during a "chip party," allowing them to log into their office computers, open doors, and pay for food and drinks,...
Samsung Galaxy S8's Facial Unlocking Feature Can Be Fooled With A Photo
Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphones and sign in to websites. All users need to do is simply hol...
Search Warrant Targets Fingerprints to Crack Open iPhones
Civil libertarians and security experts say a Department of Justice search warrant goes too far in seeking fingerprint data to crack open smartphones. The warrant in question would allow law enforcement to search a Lancaster, Calif., residence for an undisclosed number of smartphones. The warrant...
PayPal Wants To Integrate Password with Human Body
You probably hold a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortabl...
Time For a Change in Security Thinking, Experts Say
WASHINGTON–Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycl...