Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

The Hacker News
Open in Source
#vulnerability#web#android#windows#google#microsoft#ubuntu#linux#debian#cisco#red_hat#git#oracle#wordpress#rce#vmware#lenovo#samsung#auth#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
Microsoft fixes six critical vulnerabilities in June Patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: CVE-2023-29357 Tags: CVE-2023-29363 Tags: CVE-2023-32014 Tags: CVE-2023-32015 Tags: CVE-2023-32013 Tags: CVE-2023-24897 Tags: CVE-2023-32031 Tags: SharePoint Tags: PGM Tags: Exchange Tags: Hyper-V Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities. (Read more...) The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.

Hydra Network Logon Cracker 9.5

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Two remote code execution vulnerabilities disclosed in Microsoft Excel

Microsoft disclosed these issues and patched them as part of June’s monthly security release for the company.

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days

For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.

".Zip" top-level domains draw potential for information leaks

As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server

Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds

Okta platform data-based study finds FastPass and WebAuthn offer far stronger security and faster, more reliable user experiences.

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend. Details

Former TikTok exec: Chinese Communist Party had "God mode" entry to US data

Categories: News Categories: Privacy Tags: Yu Tags: TikTok Tags: ByteDance Tags: CCP Tags: influence Tags: data access Tags: loaded gun A former executive at TikTok’s parent company ByteDance has claimed in court documents that the Chinese Community Party (CCP) had access to TikTok data, despite the data being stored in the US. (Read more...) The post Former TikTok exec: Chinese Communist Party had "God mode" entry to US data appeared first on Malwarebytes Labs.