Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

DARKReading
Open in Source
#vulnerability#web#microsoft#amazon#git#vmware#aws#ibm#ssl
Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

How to protect your business from supply chain attacks

Categories: Business Categories: News Many have been calling attention to supply chain attacks for years. Is your business ready to listen? (Read more...) The post How to protect your business from supply chain attacks appeared first on Malwarebytes Labs.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27538: HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CVE-2022-3990: Privilege escalation via HPSFViewer | HP® Customer Support

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

CVE-2021-3809: HP PC BIOS - May 2022 Security Updates

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting

CVE-2022-47769: Security Advisory: Serenissima Informatica – FastCheckIn (CVE-2022-47768/CVE-2022-47769/ CVE-2022-47770)

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

Microsoft の調査 – 検証済みの発行者確認を悪用する脅威アクターの同意フィッシング キャンペーンについて

本ブログは、Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process の抄訳版です。最新の情報は原文を参照してくださ