Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

TALOS
Open in Source
#web#mac#windows#google#microsoft#cisco#git#pdf#samsung#auth#chrome
Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The

CVE-2024-6103: Chromium: CVE-2024-6103: Use after free in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6102: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6101: Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6100: Chromium: CVE-2024-6100 Type Confusion in V8

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks

State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear,

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News