| Date | Title | Description |
| 30.01.2025 | В тренде VM: под угрозой продукты Microsoft, сайты на WordPress и веб-приложения на Apache Struts | Хабр, привет! Я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных с... |
| 06.01.2025 | Хакерские утилиты Дидье Стивенса | Дидье Стивенс — бельгийский разработчик и авторитетный специалист по информационной безопасности. Наиболее известен своими инструментами по взлому паролей Windows, анализу документов PDF и внедрению туда вредоносных файлов, а также как авто... |
| 26.03.2024 | Thousands of phones and routers swept into proxy service, unbeknownst to users | Enlarge
Getty Images reader comments 86
Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday.
The first, from secu... |
| 08.08.2023 | Менеджеры паролей. Какие бывают и правда ли безопасны? | В 1997 году американский криптограф и специалист по компьютерной безопасности Брюс Шнайер написал первый в мире менеджер паролей — Password Safe.
Это была простая и бесплатная утилита для Windows 95 с примитивным пользовательским интерфейсо... |
| 12.07.2023 | Microsoft scrambles zero-day fixes in bumper patch crop | Microsoft’s monthly patch day brings with it a warning of an as-yet-unpatched zero-day vulnerability in which Word documents are the attack vector.
In a blog post, Microsoft accused a Russian threat actor dubbed “Storm-0978” of using CVE-20... |
| 04.07.2023 | 200+ подкастов про информационную безопасность и хакерские атаки | Привет! Мы решили сделать для вас подборку ИБ-подкастов. Это аудиоконтент с различными шоу и экспертными интервью, которые помогут прокачать профессиональные навыки, узнать последние новости, сориентироваться в индустрии и заодно прокачать ... |
| 19.06.2023 | Домены .zip и .mov — новый вектор для фишинга | В мае этого года компания Google Registry открыла для регистрации восемь новых gTLD: .dad, .phd, .prof, .esq, .foo, .zip, .mov и .nexus.
Особенное внимание привлекают .zip и .mov. Эти домены, созвучные с расширениями файлов, могут использов... |
| 14.06.2023 | Microsoft patches 94 vulnerabilities | Microsoft has addressed 94 vulnerabilities in this month’s Patch Tuesday, but just four rate greater than nine (9) on the Common Vulnerability Scoring System and none are flagged as under exploitation.
Windows Pragmatic General Multicast (P... |
| 16.03.2023 | Scammers already exploiting Silicon Valley Bank collapse | Several security researchers have reported that threat actors are registering suspicious domains, setting up phishing pages and preparing for business email compromise (BEC) attacks.
The objective is to steal money, acquire account data or ... |
| 11.01.2023 | Microsoft sends security admins their first gift for 2023 | Microsoft has kicked off its Patch Tuesday cycle for 2023 with 98 patches; 11 of these are critical, and Microsoft is aware of an exploit for one.
The exploited zero-day is CVE-2023-21674, a Windows Advanced Local Procedure Call (ALPC) esca... |
| 09.11.2022 | Microsoft ships 68 patches, including 10 rated critical | Microsoft’s monthly shipment of patches covers 68 vulnerabilities, 10 of which are rated as critical.
Of the critical vulnerabilities, the SANS Institute said one is under active exploitation: CVE-2022-41128, a remote code execution (RCE) b... |
| 02.11.2022 | Проблема LotL-атак: старый и надежный метод нелегитимного использования легитимного ПО | В последние годы предприятия и корпорации находятся под атакой продвинутых злоумышленников, которые используют все более творческие подходы к компрометации систем безопасности. Одним из наиболее распространенных методов являются LotL-атаки ... |
| 26.10.2022 | Apple warns of actively exploited iOS and iPadOS zero-day | Apple has issued a set of security updates for its iOS and iPadOS mobile operating systems that, among other patches, handle an actively exploited vulnerability, a zero day for which no prior fix existed.
The updates in iOS version 16.1 and... |
| 14.10.2022 | Microsoft Security: Windows 0Day Under Attack, Most Versions Vulnerable—Update Now | |
| 12.10.2022 | October Patch Wednesday handles 13 critical vulnerabilities | Microsoft's regular set of security updates address 96 vulnerabilities, 13 of them rated as critical, for October.
Critical remote code execution vulnerabilities are found in its Office productivity suite, and in the Windows point-to-point ... |
| 19.09.2022 | Браузерные менеджеры паролей — изначально ошибочная защита | В этой статье рассказывается об очень серьёзной и распространённой угрозе бизнес-данным, так что давайте сразу же перейдём к ней:
Стандартные функции управления паролями браузеров Chrome, Firefox и Edge обеспечивают лишь видимость защищённо... |
| 14.09.2022 | Four remote code execution bugs in Microsoft's September Patch Tuesday | Microsoft's 'Patch Tuesday' is important this month, with five critical vulnerabilities patched, and one vulnerability already exploited.
Microsoft’s advisory says CVE-2022-37969 has an exploit circulating in the wild.
It’s an elevation of ... |
| 14.09.2022 | Remote code execution bug fixes and more in Microsoft's September Patch Tuesday | Microsoft's 'Patch Tuesday' is important this month, with five critical vulnerabilities patched, and one vulnerability already exploited.
Microsoft’s advisory says CVE-2022-37969 has an exploit circulating in the wild.
It’s an elevation of ... |
| 21.07.2022 | Apple releases large surprise set of security patches | Apple has pushed out another large set of security patches for its mobile, desktop, wearable and TV operating systems, addressing a range of issues.
There are patches for macOS Catalina, Big Sur and Monterey, with the first two operating sy... |
| 01.06.2022 | Suspected Chinese threat group seen attacking Microsoft Office Follina flaw | Suspected Chinese threat actors have been observed by security researchers attacking the Microsoft Office zero-day flaw 'Follina', which was widely publicised this week.
Researchers at security vendor Proofpoint said in a tweet that the adv... |
| 26.05.2022 | Old Python package comes back to life and delivers malicious payload | Image: sharafmaksumov/Adobe Stock
Python packages are generally updated often as their developers add new functionalities or features, remove bugs or increase stability.
An old Python package named “ctx,” not updated since 2014, suddenly ca... |
| 25.05.2022 | Popular Python and PHP software repo-jacked | Software in Python Package Index (PyPI) and Hypertext Preprocessor (PHP) repositories have been targeted in supply-chain attacks, which researchers say are aimed at stealing users' Amazon Web Services credentials.
Reported by white hat hack... |
| 17.05.2022 | Apple patches actively exploited macOS Big Sur bug | Apple has patched an actively exploited vulnerability in its older macOS Big Sur operating system, the details of which were first made public in April.
At the time, macOS Monterey along with iPadOS and iOS received patches for two actively... |
| 01.04.2022 | SANS spots Spring4shell vulnerability exploitation attempts | After debate around its seriousness among security researchers, the Spring4Shell remote code execution vulnerability in the Spring framework for Java is now rated as criticial, with a 9.8 out of 10 score and patches released.
Security resea... |
| 29.03.2022 | Russian network 'hijacked' Twitter traffic | In what could either be an accident or an attempted hijack, a Russian telecommunications carrier briefly advertised itself as the destination for Twitter traffic for more than two hours yesterday.
As noted by Johannes Ullrich of the SANS In... |
| 07.03.2022 | What to Make of Microsoft’s Year in Cybersecurity | On Feb. 1, Microsoft announced a new cybersecurity offering for federal government customers called the Modern Log Management Program. The program includes a suite of Microsoft’s visibility and remediation tools, which pull diagnostic data ... |
| 07.02.2022 | CVE-2022-21907: Microsoft Windows HTTP protocol DOS vulnerability | CVE-2022-21907: Microsoft Windows HTTP protocol DOS vulnerability
2022-02-07 | 6 min read Recently, a CVE for Microsoft Windows HTTP protocol stack was publicly disclosed where a remote, unauthenticated attacker can cause a full compromise ... |
| 26.01.2022 | A bug lurking for 12 years gives attackers root on every major Linux distro | Enlarge
Getty Images reader comments 103 with 80 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerabili... |
| 26.01.2022 | A bug lurking for 12 years gives attackers root on most major Linux distros | Enlarge
Getty Images reader comments 172 with 103 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerabil... |
| 30.12.2021 | ТОП-3 ИБ-событий недели по версии Jet CSIRT | Сегодня в ТОП-3 — новая уязвимость в Log4j, атаки с использованием платформы сборки приложений MSBuild и атака на норвежскую медиакомпанию Amedia. Новости собирала Алла Крджоян, младший аналитик центра мониторинга и реагирования на инцидент... |
| 15.12.2021 | Qualys : Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR | Author: Hiep Dang & Malware Threat Research Team
On Dec 9, 2021, the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228) found in the Log4j2 library commonly used by Java applications. Since then, everyone i... |
| 13.12.2021 | The Log4Shell 0-day, four days on: What is it, and how bad is it really? | Enlarge
Getty Images / Bill Hinton reader comments 167 with 103 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thur... |
| 13.12.2021 | The Log4Shell 0-day, four days on: What is it, and how bad is it really? | Enlarge
Getty Images / Bill Hinton reader comments 214 with 118 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thur... |
| 07.10.2021 | Fake lies matter: Brand impersonation attacks | While a great deal of news articles, white papers, and security solutions are focused on 0-days and vulnerabilities, the core vulnerability of all of our information technology is people. Our entire tech stack makes it easy for users to mak... |
| 03.08.2021 | PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS | Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened 'PetitPotam.' The technique used in the PoC allows a remote, unauthenticated attacker to comp... |
| 14.04.2021 | 100 million more IoT devices are exposed—and they won’t be the last | Enlarge
Elena Lacey reader comments 89 with 63 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic... |
| 05.02.2021 | Chrome users have faced 3 security concerns over the past 24 hours | Chrome reader comments 56 with 42 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a maliciou... |
| 01.12.2020 | Oracle vulnerability that executes malicious code is under active attack | Enlarge
Oracle reader comments 28 with 19 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of... |
| 29.10.2020 | Hackers are on the hunt for Oracle servers vulnerable to potent exploit | Enlarge
Victorgrigas reader comments 54 with 41 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that f... |
| 24.08.2020 | Google's Anti-Hijacking Tool Blamed for 50% of Root Traffic | CJ Robles, Tech Times 24 August 2020, 06:08 am
Google programmed its Chrome browser and Chromium-based associates to randomly test using three domain names to prevent any DNS takeover. However, ZDNet reported that experts claim that half of... |
| 19.06.2019 | Oracle issues emergency update to patch actively exploited WebLogic flaw | Enlarge / Security team KnownSec404 proof-of-concept image, showing an instance of Windows Calculator being run on the remote WebLogic server.
KnownSec 404 reader comments 28 with 16 posters participating, including story author
Share this ... |
| 23.05.2019 | Why a Windows flaw patched nine days ago is still spooking the Internet | Enlarge / Artist's impression of a malicious hacker coding up a BlueKeep-based exploit.
Getty Images / Bill Hinton reader comments 84 with 57 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
It has b... |
| 30.04.2019 | Zero-day attackers deliver a double dose of ransomware—no clicking required | Enlarge
Cisco Talos reader comments 86 with 63 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle Web... |
| 03.07.2018 | Really dumb malware targets cryptocurrency fans using Macs | Enlarge
Lucasfilm reader comments 177 with 104 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Someone impersonating administrators of cryptocurrency-related discussion chann... |
| 09.05.2018 | Critical Windows bug fixed today is actively being exploited to hack users | Enlarge
Lisa Brewster / Flickr reader comments 85 with 46 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploit... |
| 15.02.2018 | Security specialist Greenbone develops dedicated Scan-profile for quick vulnerability checking | Osnabrueck / London, February 15th 2018 – Greenbone, a provider of vulnerability management solutions for IT networks, has announced the availability of a purpose-built scan-profile, allowing users of Greenbone’s products to scan for the vu... |
| 09.01.2018 | Oracle app server hack let one attacker mine $226,000 worth of cryptocoins | If "java" suddenly dies on your WebLogic or PeopleSoft server, you may be getting mined for Monero.
David Cairns / Getty Images reader comments 25 with 24 posters participating
Share this story
Share on Facebook
Share on Twitter
S... |
| 08.01.2018 | Hackers find new ways to print digital money for free | US Treasury Department reader comments 58 with 41 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
The sky-high valuations of cryptocurrencies isn't lost on hackers, who are responding with increasin... |
| 03.01.2018 | How to Protect Your Home Router from Attacks | Your router, that box sitting in a corner of your house giving you internet access, is in many ways more important than your laptop or mobile phone. It might not store any of your personal information directly, but sensitive data passes thr... |
| 16.08.2017 | Bank-fraud malware not detected by any AV hosted in Chrome Web Store. Twice | Enlarge reader comments 23 with 19 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
A researcher has uncovered an elaborate bank-fraud scam that's using a malicious extension in Google's Chrome Web S... |
| 28.06.2017 | Windows Systems Hit by New Ransomware Wave | News Windows Systems Hit by New Ransomware Wave By Kurt MackieJune 28, 2017
Just over a month after the WannaCry/WannaCrypt outbreak, a new ransomware attack has reportedly crippled Windows systems worldwide, according to an article by Reut... |
| 28.06.2017 | Windows Systems Hit by New Ransomware Wave | News Windows Systems Hit by New Ransomware Wave By Kurt MackieJune 28, 2017
Just over a month after the WannaCry/WannaCrypt outbreak, a new ransomware attack has reportedly crippled Windows systems worldwide, according to an article by Reut... |
| 12.05.2017 | Large-Scale Ransomware Attack Targets Windows Systems | News Large-Scale Ransomware Attack Targets Windows Systems By Kurt MackieMay 12, 2017
A widespread ransomware outbreak on Friday has attacked an estimated 45,000 systems in 74 countries, according to a report from the SANS Institute's Inter... |
| 12.05.2017 | Large-Scale Ransomware Attack Targets Windows Systems | News Large-Scale Ransomware Attack Targets Windows Systems By Kurt MackieMay 12, 2017
A widespread ransomware outbreak on Friday has attacked an estimated 45,000 systems in 74 countries, according to a report from the SANS Institute's Inter... |
| 06.02.2017 | Gov't Security Group Warns of Windows Zero-Day Flaw | News Gov't Security Group Warns of Windows Zero-Day Flaw By Kurt MackieFebruary 06, 2017
Windows systems are vulnerable to zero-day attacks that exploit the Server Message Block (SMB) protocol, according to an advisory issued last week by t... |
| 06.02.2017 | Gov't Security Group Warns of Windows Zero-Day Flaw | News Gov't Security Group Warns of Windows Zero-Day Flaw By Kurt MackieFebruary 06, 2017
Windows systems are vulnerable to zero-day attacks that exploit the Server Message Block (SMB) protocol, according to an advisory issued last week by t... |
| 30.11.2016 | Deutsche Telekom Mirai attack part of wider global onslaught | Outages that have hit hundreds of thousands of Deutsche Telekom customers in Germany since Sunday were part of a worldwide attempt to hijack routing devices, German government and commercial security experts said.
Other operators globally w... |
| 28.11.2016 | Newly discovered router flaw being hammered by in-the-wild attacks | Enlarge reader comments 106 with 69 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things dev... |
| 12.11.2016 | New attack reportedly lets 1 modest laptop knock big servers offline | Bonnie Natko reader comments 68 with 43 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Researchers said they have discovered a simple way lone attackers with limited resources can knock large serve... |
| 03.10.2016 | How hard is it to hack the average DVR? Sadly, not hard at all | reader comments 103 with 54 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
A major battle is underway for control over hundreds of millions of network-connected digital video recorders, cameras, an... |
| 07.06.2016 | Drive-by exploit kit bypasses Microsoft EMET protections | Malware writers have updated the widely-used Angler exploit kit to bypass Microsoft's Enhanced Mitigation Experience Toolkit (EMET), which is used to prevent software vulnerabilities from being exploited.
Angler is used to deploy ransomware... |
| 26.02.2016 | Palo Alto Networks patches serious vulnerabilities | Security vendor Palo Alto Networks has issued a security advisory covering four vulnerabilities affecting its PAN-OS operating system and is advising users to patch immediately.
Two vulnerabilities in particular appear to be particularly da... |
| 21.09.2015 | Apple scrambles after 40 malicious “XcodeGhost” apps haunt App Store | PhotoAtelier reader comments 237 with 103 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Apple officials are cleaning up the company's App Store after a security firm report... |
| 25.06.2015 | A ‘Tech Dad’ Emailed 97,931 People Their Hacked Passwords | New hacker horror stories are being spun all the time, whether it's Uber accounts being sold on the dark web, or an Anonymous affiliate posting the emails and passwords of Canadian government officials. Have you ever wondered if your email ... |
| 24.01.2015 | Zombie Pirate Bay Tracker Fuels Chinese DDoS Attacks | On November 2009 The Pirate Bay announced that it would shut down its tracker for good.
Trackers were outdated according to the site’s owners. Instead, they encouraged BitTorrent users to rely on DHT, PEX and other trackerless technologies.... |
| 15.12.2014 | Worm exploits nasty Shellshock bug to commandeer network storage systems | reader comments 17 with 12 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Criminal hackers are actively exploiting the critical shellshock vulnerability to install a self-replicating backdoor on a ... |
| 30.09.2014 | Shellshock fixes beget another round of patches as attacks mount | reader comments 46 with 22 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Over the past few days, Apple, Red Hat, and others have pushed out patches to vulnerabilities in the GNU Bourne Again Shell... |
| 28.07.2014 | CloudFlare’s Matthew Prince: Building A Better Internet | ReadWriteBuilders is a series of interviews with developers, designers and other architects of the programmable future.
For a 100-person company founded in 2009, the tech firm Cloudflare certainly seems to have an outsized impact on the Int... |
| 20.06.2014 | At least 32,000 servers broadcast admin passwords in the clear, advisory warns | reader comments 59 with 38 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
An alarming number of servers containing motherboards manufactured by Supermicro continue to expose... |
| 13.06.2014 | P.F. Chang’s turns to vintage 1970s tech after credit card breach | The carbon copy is yours to keep, madam.
eBay reader comments 210 with 127 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
US restaurant chain P.F. Chang's China Bistro plans to temporarily bring ba... |
| 05.05.2014 | Infecting DVRs with Bitcoin-mining malware even easier than you suspected | The dialog that appears when users want to manually change the default password on their EPCOM Hikvision S04 DVR.
Sans Institute reader comments 47 with 33 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on R... |
| 21.04.2014 | Heartbleed as Metaphor | I begin with a paragraph from Wikipedia:
Self-organized criticality is one of a number of important discoveries made in statistical physics and related fields over the latter half of the 20th century, discoveries which relate particularly t... |
| 02.04.2014 | “Internet of Things” is the new Windows XP—malware’s favorite target | Jitter Buffer reader comments 120 with 66 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
The past few days have revealed new data that suggests the recent upsurge in malware targeting routers—as Ar... |
| 20.02.2014 | Hardware Needs To Be Harder To Hack | News that Linksys and Belkin hardware was inherently insecure and could easily allow hackers to access your local network and control your gear.
First, there is “The Moon,” a piece of malware that can infect E1000, E1200 and E2400 routers f... |
| 18.02.2014 | ASUS routers may be showing your personal files to EVERYONE | One of the main advantages to using a router is knowing that your personal information is kept away from the privy eyes of the Internet, unless you choose to make the data publicly available. A number of ASUS routers, however, are making fi... |
| 13.02.2014 | Bizarre attack infects Linksys routers with self-replicating malware | reader comments 85 with 57 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Researchers say they have uncovered an ongoing attack that infects home and small-office wireless r... |
| 21.09.2011 | New JavaScript hacking tool can intercept PayPal, other secure sessions | reader comments 53 with 40 posters participating, including story author
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
On Friday, a pair of security researchers will present a hacking tool which they claim decrypts sec... |
| 09.09.2011 | Microsoft posts security bulletins 4 days early, scrambles to fix mistake | Photograph by Dale Lane reader comments 38 with 28 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Each month, there is a clearly defined process Microsoft uses to release security patches to fix fl... |
| 06.09.2011 | Ataque à DigiNotar pode (e deve) causar mudanças na segurança da web | Na semana passada um usuário da internet no Irã chamado Ali Borhani recebeu um aviso do Chrome ao tentar logar no Google dizendo que o certificado de segurança era inválido. O certificado foi emitido em nome do Google, mas era menos do que ... |
| 02.06.2011 | Apple working on a Sophisticated Infrared System for iOS Cameras
Categories
Search | The Problem to Solve
Many electronic devices include cameras designed to detect images. For example, a traditional cellular telephone or portable media player may include a camera. Such cameras can typically detect images based on visible l... |
| 04.05.2011 | We got Osama bin Laden so that malware alarmists can get you | In the light of [NAME OF NEWS EVENT] we are cautioning users to beware of Internet scams and other abuse. Be on the lookout for Facebook messages related to [NAME OF NEWS EVENT], scrutinize search engine results related to [NAME OF NEWS EVE... |
| 18.08.2010 | Newly detected SQL injection attack snags Apple in wide net | reader comments 61 with 36 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
A new series of mass SQL injection attacks has planted links to malware sites and hidden iframes in over a million webpages... |
| 19.07.2010 | New Windows Shortcut zero-day exploit confirmed | reader comments 91 with 57 posters participating
Share this story
Share on Facebook
Share on Twitter
Share on Reddit
Reports have been circulating for a few weeks about a new attack being targeted at certain Windows users that used USB memo... |
| - | Confluence vulnerabilities under active ransomware exploitation | The Atlassian Confluence Data Centre and Server vulnerability first disclosed last week is under active exploitation.
Security company Rapid7 said it has seen attackers exploiting improper authorisation vulnerability designated CVE-2023-225... |
| - | Microsoft discloses three critical RCEs | Microsoft’s monthly crop of patches includes three bugs in its message queuing service which are rated as critical, and which enable remote code execution (RCE).
CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911 all expose servers to attac... |
| - | Azure CLI credential leak part of Microsoft's monthly patch rollup | Microsoft’s regular patch day includes patches for zero-days and bugs already under exploitation, along with three vulnerabilities rated critical.
One of the critical vulnerabilities, CVE-2023-36052, is important enough to receive a detaile... |
| - | Microsoft releases 60 Windows patches | Microsoft’s patch cycle this month has a handful of notable vulnerabilities – apparently none of them zero-days – in a total crop of 60 Windows patches.
CVE-2024-21334 is a vulnerability in open management infrastructure (OMI) and carries a... |
| - | Curious engineer catches backdoor in Linux compression package | A curious Microsoft engineer has turned up a backdoor in the nearly-ubiquitous open source XZ Utils package that’s set Linux maintainers into a patching frenzy.
Andres Freund, who describes himself on LinkedIn as a “PostgreSQL developer and... |