Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with the nickname Angelboy from the DEVCORE company. The details are described in […]

Alexander V. Leonov
Open in Source
#vulnerability#web#microsoft#git#blog
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts. Tracked under the names BlackWidow, IceNova, Lotus,

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.

Announcing the BlueHat 2024 Sessions

34 sessions from 54 presenters representing 20 organizations! We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30. This year’s conference continues the BlueHat ethos and Secure Future Initiative mission of “Security Above All Else”. Security researchers and responders from inside and outside of Microsoft will gather on the Microsoft campus in Redmond, WA to share, debate, and challenge each other, with the shared goal of creating a safer and more secure world for all.

Unmanaged Cloud Credentials Pose Risk to Half of Orgs

These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.

Cisco Disables DevHub Access After Security Breach

The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

A week in security (October 14 – October 20)

A list of topics we covered in the week of October 14 to October 20 of 2024

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

“HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!

Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access…