Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-36014: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Microsoft Security Response Center
#vulnerability#web#microsoft#rce#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-4706: Lenovo Preload Directory Vulnerability - Lenovo Support US

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Microsoft Azure Exploited to Create Undetectable Cryptominer

By Deeba Ahmed esearchers have labeled this as the "ultimate cryptominer." This is a post from HackRead.com Read the original post: Microsoft Azure Exploited to Create Undetectable Cryptominer

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention. "While this

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News. "[BlazeStealer]

CVE-2023-41270: SMOLD TV: Old & Smart

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.

CVE-2023-47360: VLC 3.0.13 - MMS Stream bugs

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a

CVE-2023-36409

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769

Microsoft OneNote Spoofing Vulnerability