389 matches found
XSS in mdBook
This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...
XStream is vulnerable to a Remote Command Execution attack
Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center MSTIC alongside the Microsoft Security Response Center MSRC has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits CVE-2021-31979 and CVE-2021-33771. Private-sector offensiv...
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...
Microsoft Azure Virtual Machine信息泄露漏洞(CVE-2021-27075)
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...
CVE-2021-26419
Scripting Engine Memory Corruption Vulnerability Recent assessments: architect00 at May 14, 2021 10:33am UTC reported: Details The vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the jscript9.dll library, which is used to execute javascript. Possible attack...
RUSTSEC-2021-0001 XSS in mdBook's search page
This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...
HPSBHF03690 rev. 3 - NVIDIA GPU Display Driver September 2020 Security Updates
Potential Security Impact Escalation of Privilege, Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...
Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...
New Twitter phishing scam inspired from Twitter’s latest security response
By Sudais Asif Crooks are using the July 15th's cyberattack on Twitter to carry out phishing scam designed to steal the login credentials of unsuspected users. This is a post from HackRead.com Read the original post: New Twitter phishing scam inspired from Twitters latest security response...
HPSBHF03681 rev. 2 - Intel® Graphics Drivers August 2020 Security Updates
Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities in some Intel® Graphics Drivers which may allow escalation of privilege and/...
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!
We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack
A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up...
[サイバーセキュリティ月間2020] マイクロソフトのセキュリティに関する情報発信サイトのまとめ
わたしたちセキュリティレスポンスチームは、日本政府が定める「サイバーセキュリティ月間」に賛同し、本ブ...
March 2020 security updates are available
We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. The post March 2020...
HPSBHF03657 rev. 3 - NVIDIA GPU Display Driver February 2020 Security Updates
Potential Security Impact Denial of Service, Escalation of Privileges, Code Execution, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...