154 matches found
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, nine are rated Critical, 80 are rated Important, and one is rated Moderate in severity. This is also in addition to 36...
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
Microsoft disclosed six security vulnerabilities that are actively being exploited across its products as part of the companys regular Patch Tuesday security update. In all, Augusts monthly round of patches from Microsoft included 87 vulnerabilities, seven of which are considered critical. In...
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below -...
Where to find Talos at BlackHat 2024
With Black Hat just a week away, Cisco Talos is gearing up for another year of heading to Las Vegas to share in some of the latest major cybersecurity announcements, research and news. This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 a...
Microsoft Patch Tuesday: Microsoft Patches 142 Critical Vulnerabilities
Microsoft plugs critical security holes in July Patch Tuesday! 142 vulnerabilities patched, including actively exploited zero-days and remote…...
The Dreaded Network Pivot: An Attack Intelligence Story
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response a...
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity...
ArcaneDoor a Novel Espionage Campaign Exploits Cisco Zero-Days
...
Update now! Microsoft fixes two zero-days on February Patch Tuesday
Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency...
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and...
Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners
By Deeba Ahmed Ivanti has released patches for vulnerabilities found in its enterprise VPN appliances, including two flagged as exploited zero-days… This is a post from HackRead.com Read the original post: Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners...
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure ICS virtual private network VPN devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as...
Apple’s Timely Response to Actively Exploited Zero-Days
Summary: Apple has released crucial software updates to address two actively exploited security vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities affect the WebKit browser engine on Apple devices such as iPhone, iPad, and Mac, potentially exposing sensitive...
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
Microsofts monthly security update released Tuesday is the companys lightest in four years, including only 33 vulnerabilities. Perhaps more notable is that there are no zero-day vulnerabilities included in Decembers Patch Tuesday, a rarity for Microsoft this year. The companys regular set of...
Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days
By Deeba Ahmed 100,000+ Reasons to Rethink Vulnerability Management. This is a post from HackRead.com Read the original post: Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days...
InfectedSlurs Botnet Spreads Mirai via Zero-Days
...
A week in security (November 13 – November 19)
Last week on Malwarebytes Labs: Signal is testing usernames so you don’t have to share your phone number State of Maine data breach impacts 1.3 million people Credit card skimming on the rise for the holiday shopping season Update now! Microsoft patches 3 actively exploited zero-days Ransomware...
The hot topics from Europe’s largest trade fair for IT security
IT-SA Expo & Congress claims to be Europes largest trade fair for IT security. And it really covers a wide range of security and security-related products and services. The event takes place in Nuremberg, Germany and provides an opportunity for vendors to show themselves to the public, create new...
A week in security (September 18 - September 24)
Last week on Malwarebytes Labs: Emergency update! Apple patches three zero-days T-Mobile spills billing information to other customers Involved in a data breach? Heres what you need to know Steer clear of cryptocurrency recovery phrase scams DoppelPaymer ransomware group suspects identified The...
Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days
Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency CISA has...