CVE-2022-26522

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash due to a double fetch vulnerability at aswArPot+0xc4a3...

Windows Zero Day Selling for $90,000

Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000. Security experts say the zero-day exploit looks legitimate and in the...

System Hardening Guide

The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Executive Summary - ----------------- Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run. If a remote user can introduce a file into the filesystem e.g. anonymous ftp, http upload, cdrom, samba share,...