Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

What Squid Game Teaches Us About Cybersecurity

When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.

DARKReading
Open in Source
#microsoft
'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs

A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild

A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking

CVE-2021-42715: In stb_image's HDR reader, loading a specially constructed invalid HDR file can result in an infinite loop within the RLE decoder · Issue #1224 · nothings/stb

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Microsoft Launches Security Program for Nonprofits

A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.

CVE-2021-37996: Chromium: CVE-2021-37996 Insufficient validation of untrusted input in Downloads

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37995: Chromium: CVE-2021-37995 Inappropriate implementation in WebApp Installer

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37994: Chromium: CVE-2021-37994 Inappropriate implementation in iFrame Sandbox

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37993: Chromium: CVE-2021-37993 Use after free in PDF Accessibility

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37992: Chromium: CVE-2021-37992 Out of bounds read in WebAudio

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54