Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and OriginBotnet, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into

The Hacker News
Open in Source
#web#mac#windows#microsoft#botnet#The Hacker News
CVE-2023-37875: Wing FTP Server History

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.

CVE-2022-4896: Multiple Vulnerabilities Control De Ciber | INCIBE-CERT

Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.

CVE-2023-38160: Windows TCP/IP Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-38163: Windows Defender Attack Surface Reduction Security Feature Bypass

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Windows Defender Attack Surface Reduction blocking feature.

CVE-2023-38149: Windows TCP/IP Denial of Service Vulnerability

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: **Disable router discovery on IPv6 interface.** You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command: * Set-NetIPInterface -InterfaceIndex \[interface\_index\] -RouterDiscovery Disabled You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command: * netsh interface ipv6 set interface \[interface\_name\] routerdiscovery=disabled Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006 **Note:** No reboot is needed after making the change...

CVE-2023-38150: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38161: Windows GDI Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35355: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-36804: Windows GDI Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.