1561 matches found
Think Your MFA and PAM Solutions Protect You? Think Again
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA Multi-Factor Authentication and PAM Privileged Access...
China Unicom TEWA-800G Log Information Disclosure Vulnerability
The China Unicom TEWA-800G is a router from China Unicom China Unicom. A log information disclosure vulnerability exists in the China Unicom TEWA-800G version 4.16L.04CT2015Yueme, which stems from a debug log file that discloses sensitive information. An attacker could exploit this vulnerability ...
Security Updates for Windows Defender (September 2023)
The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.23080.2005. It is, therefore, affected by an attack surface reduction vulnerability due to security features bypass. A remote attacker can trick a victim to open a specially...
CVE-2023-38163
Windows Defender Attack Surface Reduction Security Feature Bypass...
CVE-2023-38163
Windows Defender Attack Surface Reduction Security Feature Bypass...
Security feature bypass
Windows Defender Attack Surface Reduction Security Feature Bypass...
CVE-2023-38163 Windows Defender Attack Surface Reduction Security Feature Bypass
...
Windows Defender Attack Surface Reduction Security Feature Bypass
...
UBUNTU-CVE-2023-4576
On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability...
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers,...
Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Thre...
CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...
SUSE CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
SUSE CVE-2023-40186
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdiCreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...
UBUNTU-CVE-2023-40186
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdiCreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...
DEBIAN-CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
CVE-2023-41742
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...
CVE-2023-41742
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...
Design/Logic Flaw
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...