Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

How to secure a Windows PC for your kids

Categories: Personal What to think about when preparing your child's Windows device for the new school year. (Read more...) The post How to secure a Windows PC for your kids appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#mac#windows#google#microsoft#git#chrome#firefox#wifi
CVE-2022-25799: Unvalidated Redirects and Forwards - OWASP Cheat Sheet Series

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.

Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign

"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.

Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases

Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google

Unified Threat Management: The All-in-One Cybersecurity Solution

UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a

Microsoft Warns About Phishing Attacks by Russia-linked Hackers

Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

CVE-2020-23622: CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management

ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised.