#zero_day

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.

The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.

rpc.py version 0.6.0 suffers from a remote code execution vulnerability.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills gap and hiring.  Everyone wants to know the magic ticket to figure out how to increase hiring at their cybersecurity practice without hiring somehow with under-developed skills that could leave clients open to attack. This is not a problem exclusive to cybersecurity, but I do find it interesting that there’s been so much talk about the problems the cybersecurity workforce faces and not much about actual solutions.  I think a good place to start would change the meaning of what an “entry-level” position truly is in security. I came into this field with zero security experience from the domain of journalism. My family considered me to be “a computer guy” just because I was good at searching the internet fo...

By Deeba Ahmed According to Microsoft, hackers are exploiting the IIS web servers to install backdoors and steal credentials in their… This is a post from HackRead.com Read the original post: Microsoft: Hackers are Using Malicious IIS Extensions to Backdoor Exchange Servers

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty