Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft's May Patch Tuesday update is triggering authentication errors.

Threatpost
#vulnerability#mac#windows#microsoft#perl#auth
Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

By Deeba Ahmed Cobalt Mirage is an Irani threat group believed to be linked to the Iranian Cobalt Illusion threat group,… This is a post from HackRead.com Read the original post: Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany. The post Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis appeared first on Malwarebytes Labs.

CVE-2022-25865: Fix git fetch - addresses a potential security concern regarding git fetch by kenotron · Pull Request #103 · microsoft/workspace-tools

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-25865: Fix git fetch - addresses a potential security concern regarding git fetch by kenotron · Pull Request #103 · microsoft/workspace-tools

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Threat Roundup for May 6 to May 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provide updated tools and guidance to help organizations … Anatomy of a Security Update Read More »

COOPER Analysis Tool

Cooper utilizes cooperative mutation to test the binding code of scripting languages to find memory-safe issues. Cooperative mutation simultaneously modifies the script code and the related document objects to explore various code paths of the binding code. To support cooperative mutation, the authors infer the relationship between script code and document objects to guide the two-dimensional mutation. They applied their tool Cooper on three popular commercial PDF tools, Adobe Acrobat, Foxit Reader, and Microsoft Word. Cooper detected 134 previously unknown bugs, which resulted in 33 CVE entries and 22K bug bounties.

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.