Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient.

Threatpost
Open in Source
#Hacks#Malware#Web Security#google#Cloud Security#Privacy#Vulnerabilities#Web Security#Government#Malware#Mobile Security#Vulnerabilities#Web Security#microsoft
Slack contains an XSLeak vulnerability that de-anonymizes users

Research inspired by similar flaws previously unearthed in Facebook, Twitter, and Microsoft Live

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche" by Google software engineer Chris

Microsoft のバグハンティング:脆弱性発見者へのインタビューとMSRCについて ~ CODE BLUE Open Talkより

より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.