Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls

Protection ranged from 0.38% to 50.57% for security effectiveness.

DARKReading
Open in Source
#vulnerability#web#google#microsoft#amazon#aws
Starbucks Shifts to Manual Processes After Contractor Ransomware Attack

Ransomware attack cripples Starbucks operations, forcing the coffee giant to rely on manual processes for employee scheduling and…

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user

CVE-2024-49052: Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-49038: Microsoft Copilot Studio Elevation Of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-49035: Partner.Microsoft.Com Elevation of Privilege Vulnerability

**Why is no action required to install this update?** This CVE addresses a vulnerability in the Microsoft Power Apps online version only. As such, customers do not need to take any action because releases are rolled out automatically over several days. For more information about the releases for Microsoft Power Apps see What's new in Power Apps?.

CVE-2024-49053: Microsoft Dynamics 365 Sales Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Cyber Resiliency in the AI Era: Building the Unbreakable Shield 

Digital networks are the backbone of global business and communication, making cyber resiliency essential for organizations to thrive.…

Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network

In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform

By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox escape: TALOS-2024-1964 (CVE-2024-38184) TALOS-2024-1965 (CVE-2024-38185)