NopSec

MAY 31, 2023

ManagedEngine ADManager was found vulnerable to yet another command injection vulnerability and Barracuda released a patch to address a remote command execution vulnerability achieved via *.tar Finally, it wouldn’t be a worthy blog post if we didn’t include a nugget from patch Tuesday. tar file manipulation.

Risk 52

Risk Accountability Authentication Passwords 52

Krebs on Security

AUGUST 10, 2021

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. Microsoft said attackers have seized upon CVE-2021-36948 , which is a weakness in the Windows Update Medic service. However, we strongly believe that the security risk justifies the change.

Software 302

Software Internet Internet Backups 302

Security Boulevard

OCTOBER 14, 2022

On September 2, 2022, Zscaler Threatlabz captured an in-the-wild 0-day exploit in the Windows Common Log File System Driver (CLFS.sys) and reported this discovery to Microsoft. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. Debugging Environment.

56

56

Krebs on Security

JULY 9, 2019

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Microsoft said an unauthenticated attacker could use the DHCP flaw to seize total, remote control over vulnerable systems simply by sending a specially crafted data packet to a Windows computer.

Internet 176

Internet Internet Software Advertising 176

McAfee

NOVEMBER 2, 2021

In lieu of that, we present our top CVEs from the last month. 2 CVES / 1 Vuln – It appears Apache struggled a bit with this latest critical vulnerability, where it took two tries to fix a basic path traversal bug, which was introduced while patching last month’s SSRF mod_proxy vulnerability. I know, use Microsoft IIS!

Marketing 63

Marketing Mobile Phishing Network Security 63

ForAllSecure

AUGUST 26, 2021

At Black Hat USA 2021, researchers presented how they used their own fuzzer designed for hypervisors to find a critical vulnerability in Microsoft Azure. Microsoft defined server virtualization as the process of dividing a physical server into multiple unique and isolated virtual servers, by means of a software application.

Software 52

Software Architecture Engineering Technology 52

NopSec

APRIL 26, 2017

This widespread exploitation prompted me to release this blog post that I have been mulling for a while. exploit ESSAYKEYNOTE EVADEFRED This list includes Windows SMB exploits including the previously undisclosed SMB 0-day labelled “ETERNALBLUE”, which was addressed by Microsoft with the March 2017 patch labelled “ MS17-010 ”.

Hacking 52

Hacking Banking Firewall Internet 52

ForAllSecure

JANUARY 22, 2023

VAMOSI: This latest book is structured along the lines of STRIDE , a threat framework which is derived from a 1999 paper from inside Microsoft called “threats to our products” If you haven’t heard of haven't heard of STRIDE before, Adam explains SHOSTACK: Sure. I made you know, it was blogging in 2005.

Engineering 40

Engineering Technology Authentication InfoSec 40

SecureList

JULY 29, 2021

Investigating the recent Microsoft Exchange vulnerabilities we and our colleagues from AMR found an attacker deploying a previously unknown backdoor, “FourteenHi”, in a campaign that we dubbed ExCone, active since mid-March. These attacks were attributed to Nobelium and APT29 by Microsoft and Volexity respectively.

Malware 141

Malware Phishing Password Management Social Engineering 141