Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-3421: Google Drive for desktop release notes

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0

CVE
Open in Source
#vulnerability#web#mac#windows#apple#google#microsoft#perl#pdf#auth#chrome#sap
Researchers: Office 365 Encryption Flaw Compromise Message Confidentiality

By Deeba Ahmed According to researchers, the security flaw can be exploited for inferring message contents due to the flawed Office 365 Message Encryption (OME) security method. This is a post from HackRead.com Read the original post: Researchers: Office 365 Encryption Flaw Compromise Message Confidentiality

CVE-2022-41751: jhead/jhead.c at 63ce118c6a59ea64ac357236a11a47aaf569d622 · Matthias-Wandel/jhead

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

Black Basta Ransomware Hackers Infiltrates Networks via Qakbot to Deploy Brute Ratel C4

The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation," Finnish cybersecurity company WithSecure said in a report published last week. Office 365

New Prestige Ransomware Targeting Polish and Ukrainian Organizations

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft

6 Best Ways to Make a Collaborative PowerPoint Presentation

By Owais Sultan Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you… This is a post from HackRead.com Read the original post: 6 Best Ways to Make a Collaborative PowerPoint Presentation

How to Use Passkeys in Google Chrome and Android

Google wants to make your digital life—in its ecosystem, anyway—passwordless and more secure.

Elon Musk’s SpaceX Bails on Starlink Funding for Ukraine

Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.