Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

Threatpost
Open in Source
#web#mac#windows#microsoft#git#intel#c++
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine

Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.

Windows Kernel nt!MiRelocateImage Invalid Read

The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.

Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller's impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.

CVE-2022-35409: Releases · Mbed-TLS/mbedtls

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo

Mozilla’s message to MEPs appears to be gaining traction, says senior public policy manager at the non-profit

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a

CVE-2022-1881: Security Advisory 2022-06

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

CVE-2022-29890: Security Advisory 2022-07

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media,