Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

ghsa
Open in Source
#vulnerability#microsoft#git#auth
French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks

State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear,

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a

CVE-2024-38082: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-38093: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection. Attack chains leverage phishing emails that

'ONNX' MFA Bypass Targets Microsoft 365 Accounts

The service, likely a rebrand of a previous operation called "Caffeine," mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.

CHERI Alliance Aims to Secure Hardware Memory

The consortium of private companies and academia will focus on ways to protect hardware memory from attacks.

Cut & Paste Tactics Import Malware to Unwitting Victims

"ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.