#microsoft

A pair of major data breaches rock the UK, North Korea hacks a Russian missile maker, and Microsoft’s Chinese Outlook breach sparks new problems.

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices,"

# Microsoft Security Advisory CVE-2023-35391: .NET Information Disclosure Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET core 2.1, .NET 6.0 and, .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in ASP.NET Core 2.1, .NET 6.0 and, .NET 7.0 applications using SignalR when redis backplane use might result in information disclosure. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/267 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.9 or earlier. * Any .NET 6.0 application running on .NET 6.0.20 or earlier. If your appli...

By Deeba Ahmed MoustachedBouncer is a Belarusian government-backed hacking group that has been active since 2014. This is a post from HackRead.com Read the original post: MoustachedBouncer Hackers Caught Spying on Embassies

By Habiba Rashid The new attack has been dubbed Phishing 3.0. This is a post from HackRead.com Read the original post: Phishing 3.0: Crooks Leverage AWS in Deceptive Email Campaigns

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe

Categories: Threat Intelligence Tags: exploit kits Tags: eks Tags: rigek Tags: purplefoxek Internet Explorer may be a thing of the past, but there are still users and threat actors trying to deliver drive-by downloads. (Read more...) The post Old exploit kits still kicking around in 2023 appeared first on Malwarebytes Labs.

A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47379 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of