#microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection

In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to ensure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). For additional details on OpenShift

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

By Habiba Rashid The massive and sophisticated mobile malware campaign has been operating undetected on Android devices across the globe for more than six months.  This is a post from HackRead.com Read the original post: Global Malware Attack Imitates VPN and Security Apps on Android Phones

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

USB Flash Drives Control version 4.1.0.0 suffers from an unquoted service path vulnerability.

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information

Categories: Threat Intelligence Tags: facebook Tags: posts Tags: google Tags: cloud run Clickbait posts on Facebook can lead to malicious websites. In this campaign, crooks are redirecting Facebook victims to scam pages hosted on Google's infrastructure. (Read more...) The post Facebook clickbait leads to money scam for users appeared first on Malwarebytes Labs.