Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Microsoft Rolls Out Tamper Protection for Macs

The new feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.

DARKReading
Open in Source
#vulnerability#mac#apple#microsoft#auth
How to secure a Windows PC for your kids

Categories: Personal What to think about when preparing your child's Windows device for the new school year. (Read more...) The post How to secure a Windows PC for your kids appeared first on Malwarebytes Labs.

Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors

A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution

Windows Vulnerability Could Crack DC Server Credentials Open

The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Emerson Proficy Machine Edition

This advisory contains mitigations for Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, and Path Traversal: ‘\..\filename’ vulnerabilities in Emerson Proficy Machine Edition, an engineering workstation.

CVE-2021-30490: Software download for Uninterruptible Power Supply

upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.

CVE-2022-36273: CVEIDs/TendaAC9 at main · F0und-icu/CVEIDs

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated