Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Elijah Wood and Mike Tyson Cameo Videos Were Used in a Russian Disinformation Campaign

Videos featuring Elijah Wood, Mike Tyson, and Priscilla Presley have been edited to push anti-Ukraine disinformation, according to Microsoft researchers.

Wired
Open in Source
#web#microsoft#intel
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

Ubuntu Security Notice USN-6536-1

Ubuntu Security Notice 6536-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.

Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days

By Deeba Ahmed 100,000+ Reasons to Rethink Vulnerability Management. This is a post from HackRead.com Read the original post: Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of

CVE-2023-36880: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?** Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.

CVE-2023-38174: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-35618: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

By Waqas Kali Linux Unveils Feature Rich 2023.4 Release with Cloud ARM64, Vagrant Hyper-V, Raspberry Pi 5, and More! This is a post from HackRead.com Read the original post: Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.