#microsoft

An AI's "world" only includes the data on which it was trained, so it otherwise lacks context — opening the door for creative attacks from cyber adversaries.

A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.

Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.

Here's what that means about our current state as an industry, and why we should be happy about it.

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.

This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 5728-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.