Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

Wired
Open in Source
#vulnerability#web#google#microsoft#linux#git#intel#auth
Novel Exploit Chain Enables Windows UAC Bypass

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.

Could Security Misconfigurations Become No. 1 in OWASP Top 10?

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF

Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers…

Are hardware supply chain attacks “cyber attacks?”

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

CVE-2024-9123: Chromium: CVE-2024-9123 Integer overflow in Skia

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/2024

CVE-2024-9122: Chromium: CVE-2024-9122 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/2024

CVE-2024-9121: Chromium: CVE-2024-9121 Inappropriate implementation in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/2024