#microsoft

By Deeba Ahmed During their test, researchers from JUMPSEC managed to trick Microsoft Teams’ security mechanism into sending malware to the… This is a post from HackRead.com Read the original post: Microsoft Teams Flaw Sends Malware to Employees’ Inboxes

Categories: News Tags: IoT Tags: Linux Tags: OpenSSH Tags: trojan Tags: botnet Tags: IRC Tags: attack Tags: compromise Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign. (Read more...) The post OpenSSH trojan campaign targets Linux systems and IoT devices appeared first on Malwarebytes Labs.

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Categories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. (Read more...) The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.

### Impact A denial of service vulnerability exists in YARP. ### Patches If you're using YARP 1.x, you should update to NuGet package version [1.1.2](https://www.nuget.org/packages/Yarp.ReverseProxy/1.1.2). If you're using YARP 2.0.0, you should update to NuGet package version [2.0.1](https://www.nuget.org/packages/Yarp.ReverseProxy/2.0.1). You can do so by updating the `PackageReference` in your `.csproj` file ```diff <ItemGroup> - <PackageReference Include="Yarp.ReverseProxy" Version="2.0.0" /> - <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.0" /> + <PackageReference Include="Yarp.ReverseProxy" Version="2.0.1" /> + <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.1" /> </ItemGroup> ``` or by selecting `2.0.1` in the NuGet UI inside Visual Studio (`Manage NuGet Packages` / `Updates`) ### References [CVE-2023-33141](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141)

It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 16 and June 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences