Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

The Hacker News
Open in Source
#vulnerability#web#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#apache#git#oracle#rce#samba#lenovo#amd#samsung#auth#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack

Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat intelligence

Don't plug your phone into a free charging station, warns FBI

Categories: Awareness Categories: News Tags: FBI Tags: juice jacking Tags: public chargers The FBI warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers to infect devices with malware. (Read more...) The post Don't plug your phone into a free charging station, warns FBI appeared first on Malwarebytes Labs.

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.

GHSA-w4m3-43gp-x8hx: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET running on Windows where a runtime DLL can be loaded from an unexpected location, resulting in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/250 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.4 or earlier. * Any .NET 6.0 application running on .NET 6.0.15 or earlier. ## Advisory FAQ ### <a name="how-affected"...

CVE-2023-28229

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVE-2023-28252

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2023-28293

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-28298

Windows Kernel Denial of Service Vulnerability