Security
Headlines
HeadlinesLatestCVEs

Headline

Backdoor.Win32.Prorat.lkt Hardcoded Password

Backdoor.Win32.Prorat.lkt malware suffers from a weak hardcoded password vulnerability.

Packet Storm

Related news

Backdoor.Win32.Prorat.ntz Weak Hardcoded Password

Backdoor.Win32.Prorat.ntz malware suffers from having a weak hardcoded password.

Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday

October 2021's Patch Tuesday includes some patches to block potentially dangerous vulnerabilities. We made a selection of the most "promising" ones. Categories: Exploits and vulnerabilities Tags: microsoft patch tuesday patches vulnerabilities *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/patch-now-microsoft-fixes-71-windows-vulnerabilities-in-october-patch-tuesday/ ) )* The post Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday appeared first on Malwarebytes Labs.

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

Azure Active Directory Brute Forcer

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.

Apple Patches Zero-Days in iOS, Known Vuln in macOS

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

CVE-2021-33693: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

CVE-2021-33694: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

Apple Patches Zero-Days in iOS 14.8 Update

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution