Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

I Stopped Using Passwords. It's Great—and a Total Mess

Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet.

Wired
Open in Source
#web#android#windows#apple#google#microsoft#amazon#auth#sap#ssl
Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been&

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

State of Malware 2024: What consumers need to know

The State of Malware 2024 report covers some topics that are of special interest to home users: privacy, passwords, malvertising, banking Trojans, and Mac malware.

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security

How are user credentials stolen and used by threat actors?

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.

Running Windows 11 and 2022 Server Virtual Machines in Red Hat OpenShift with persistent vTPM

The trusted platform module (TPM) is a self-contained hardware encryption technology present in recent computer systems. It provides, among other things, hardware random number generation and more secure storage for encryption keys. This enables administrators to encrypt operating system disks that will then only be decryptable on the same system. Version 2.0 of the TPM specification was published in 2015, and Microsoft’s Windows 11 requires a version 2.0 TPM to be present to install.To support operating systems like Windows 11 that require a TPM, libvirt provides a virtual TPM (vTPM) that c

Gentoo Linux Security Advisory 202402-05

Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.