Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

TrickBot Malware Shifted its Focus on "Systematically" Targeting Ukraine

In what's being described as an "unprecedented twist," the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such

The Hacker News
Open in Source
#vulnerability#microsoft#intel#backdoor#ssh#ibm#The Hacker News
Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival 'Brute Ratel' Pen Test Tool

The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries.

CVE-2021-29281: Unrestricted File Upload | OWASP Foundation

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

CVE-2022-33680

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.

China's Tonto Team APT Ramps Up Spy Operations Against Russia

In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.

CVE-2022-32441: Night fuzzing session - IdaPro 6.6 - part 2

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.

Empower Your Security Operations Team to Combat Emerging Threats

When examining the modern threat landscape, empowering your security operations and overcoming the limitations inherent with other malware prevention solutions is imperative.

CVE-2021-4234: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CVE-2022-2295: Chromium: CVE-2022-2295 Heap buffer overflow in WebRTC

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2022-2294: Chromium: CVE-2022-2294 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.49 7/6/2022 103.0.5060.114 Extended Stable: 102.0.1245.56 7/6/2022 102.0.5005.148