Tag
#microsoft
The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.
A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition, or write arbitrary files to the application's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following server application is affected: RUGGEDCOM CROSSBOW: Versions prior to V5.4 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 An issue found in SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function. CVE-2021-31239 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is...
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations
Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.