Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

TSPlus 16.0.2.14 Insecure Permissions

TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.

Packet Storm
#vulnerability#web#windows#microsoft#js#git#java#auth
Update now! WinRAR files can be abused to run malware

Categories: Exploits and vulnerabilities Categories: News Tags: WinRAR Tags: CVE-2023-40477 Tags: RCE Tags: Windows 11 A new version of WinRAR is available that patches two vulnerabilities attackers could use for remote code execution. (Read more...) The post Update now! WinRAR files can be abused to run malware appeared first on Malwarebytes Labs.

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called

New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

The hackers, who mostly targeted victims in Hong Kong, also hijacked Microsoft’s trust model to make their malware harder to detect.

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

By Waqas Bronze Starlight hackers have been cleverly utilizing a valid Ivacy VPN code-signing certificate to target the Southeast Asian gambling industry. This is a post from HackRead.com Read the original post: Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

QR codes used to phish for Microsoft credentials

Categories: News Tags: QR codes Tags: attachment Tags: phishing Tags: Bing Tags: Microsoft Tags: credentials Researchers have been monitoring a phishing campaign that uses QR codes and Bing redirects to lead targets to phishing sites. (Read more...) The post QR codes used to phish for Microsoft credentials appeared first on Malwarebytes Labs.

CVE-2023-36787

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-38158

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving

CVE-2023-4349: Chromium: CVE-2023-4349 Use after free in Device Trust Connectors

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**