August 26, 2021—KB5005103 (OS Build 18363.1766) Preview

August 26, 2021—KB5005103 OS Build 18363.1766 Preview NEW 8/24/2021 IMPORTANT Starting in October 2021, there will no longer be optional, non-security releases known as "C" releases for Windows 10, version 1909. Only cumulative monthly security updates known as the "B" or Update Tuesday release...

Microsoft Teams: Very Bad Tabs Could Have Led to BEC

Attackers could have stepped through a yawning security hole in the Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee, by reading and sending email on their behalf. On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microso...

Tax Phish Swims Past Google Workspace Email Security

A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...

Description of the security update for SharePoint Enterprise Server 2016: April 13, 2021 (KB4504723)

Description of the security update for SharePoint Enterprise Server 2016: April 13, 2021 KB4504723 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-28453...

[SECURITY] Fedora 34 Update: gnome-online-miners-3.34.0-8.fc34

GNOME Online Miners provides a set of crawlers that go through your online content and index them locally in Tracker. It has miners for Facebook, Flic kr, Google, OneDrive and Nextcloud...

Fedora: Security Advisory for gnome-online-miners (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Metasploit Wrap-Up

Baron Samedit is coming to get you Last week, a critical bug in sudo came out and could potentially affect most of the Linux-based operating systems, since this tool is usually installed by default. This vulnerability is identified as CVE-2021-3156, but better known as "Baron Samedit", and is...

March 29, 2021—KB5000842 (OS Builds 19041.906 and 19042.906) Preview

March 29, 2021—KB5000842 OS Builds 19041.906 and 19042.906 Preview 2/24/21 IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update WU and Windows Server Update Services WSUS. Installing KB4577586 will remove Adobe Flash Player...

OneDrive Sync Provider Enumeration Module

This module will identify the Office 365 OneDrive endpoints for both business and personal accounts across all users providing access is permitted. It is useful for identifying document libraries that may otherwise not be obvious which could contain sensitive or useful information. Module Options...

Microsoft OneDrive for Mac suffers from dll hijacking vulnerability

Microsoft OneDrive is a cloud backup application. The program features automatic backup of photo albums, online work and file sharing. Microsoft OneDrive for Mac suffers from a dll hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious dll and execute malicious cod...

Microsoft OneDrive for Mac suffers from dll hijacking vulnerability (CNVD-2021-05387)

Microsoft OneDrive is a cloud backup application. The program features automatic backup of photo albums, online work and file sharing. Microsoft OneDrive for Mac suffers from a dll hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious dll and execute malicious cod...

Microsoft OneDrive for Mac suffers from dll hijacking vulnerability (CNVD-2021-05386)

Microsoft OneDrive is a cloud backup application. The program features automatic backup of photo albums, online work and file sharing. Microsoft OneDrive for Mac suffers from a dll hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious dll and execute malicious cod...

Microsoft OneDrive suffers from dll hijacking vulnerability

OneDrive is Microsoft's new generation of network storage tools, renamed from SkyDrive.OeDrive's versions span multiple endpoints, including web, mobile, and PC. Microsoft OneDrive has a dll hijacking vulnerability that can be exploited by attackers to remotely control a user's computer or implan...

Microsoft OneDrive suffers from a DLL hijacking vulnerability (CNVD-2021-03304)

OneDrive is Microsoft's next-generation network storage tool, renamed from SkyDrive.OeDrive's versions span multiple endpoints, web, mobile, and PC. Microsoft OneDrive has a DLL hijacking vulnerability, which can be exploited by attackers to remotely control a user's computer or implant a Trojan...

Security update for rclone (moderate)

openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2020:2168-1 Rating: moderate References: 1179005 Cross-References: CVE-2020-28924 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update fo...

Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign

A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal”...

openSUSE Security Update : rclone (openSUSE-2020-2008)

This update for rclone fixes the following issues : rclone was updated to version 1.53.3 : - Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo1179005 Nick Craig-Wood - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by...

openSUSE Security Update : rclone (openSUSE-2020-2035)

This update for rclone fixes the following issues : rclone was updated to version 1.53.3 : - Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo1179005 Nick Craig-Wood - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by...

Security update for rclone (moderate)

openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2020:2035-1 Rating: moderate References: 1179005 Cross-References: CVE-2020-28924 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for rclone...

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

Microsoft has suspended 18 Azure Active Directory applications that were being leveraged for command-and-control C2 infrastructure by what it says is a Chinese nation-state actor. While Microsoft services like Azure Active Directory AD – its cloud-based identity and access management service – ar...