Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2021-39295: GitHub - openbmc/openbmc: OpenBMC Distribution

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

CVE
Open in Source
#web#ios#mac#google#microsoft#ubuntu#linux#dos#git#intel#c++#bios#ssh#ibm
Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

Plus: Hackers claim to have stolen 10 TB from Western Digital, a new spyware has emerged, and WhatsApp gets a fresh security feature.

CVE-2023-2033: Chromium: CVE-2023-2033 Type Confusion in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

CVE-2023-24934

Microsoft Defender Security Feature Bypass Vulnerability

Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks

The threat group behind the SolarWinds supply chain attacks is back with new tools for spying on officials in NATO countries and Africa.

Threat Roundup for April 7 to April 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 7 and April 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Microsoft Word Remote Code Execution

Microsoft Word appears to suffer from a remote code execution vulnerability when a user load a malicious file that reaches out to an attacker-controller server to get a hostile payload.

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as

CVE-2023-24934: Microsoft Defender Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Windows Defender detection with a specially crafted file.