Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

‘You get respect for owning what happened’ – SolarWinds’ CISO on the legacy and lessons of Sunburst

Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack

PortSwigger
Open in Source
#vulnerability#microsoft#intel#backdoor#log4j#ibm#dell
Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution

Backdoor.Win32.Destrukor.20 malware suffers from an unauthenticated remote command execution vulnerability.

Easy Chat Server 3.1 Buffer Overflow

Easy Chat Server version 3.1 remote stack buffer overflow exploit.

Securing Your Move to the Hybrid Cloud

Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

Researcher Spotlight: You should have been listening to Lurene Grenier years ago

The exploit researcher recently rejoined Talos after starting her career with the company’s predecessor  By Jonathan Munshaw.  Lurene Grenier says state-sponsored threat actors keep her up at night, even after years of studying and following them.   She’s spent her security career warning people why this was going to be a problem.  Today if someone is compromised by a well-funded, state-sponsored actor, she is concerned but doesn’t necessarily feel sorry. After all, she’s been warning the security community about this for years.  “You think about the phrase ‘fool me once, shame on you...’ Five years ago if we had this discussion and you were hit with an attack, you’d think ‘shame on China,’” she said. “Today, if we have that discussion about why you were hit, it’s shame on us.”  Grenier has spent her career looking at state-sponsored actor trends and writing detection content to block those actors. She was one of the first of the smaller research staff at the Sourcefire Vulnerability...

A week in security (July 25 – July 31)

The most important and interesting computer security stories from the last week. The post A week in security (July 25 – July 31) appeared first on Malwarebytes Labs.

A week in security (July 25 - July 31)

Categories: A week in security Tags: backdoor Tags: blog recap Tags: bytedance Tags: cookies Tags: data breach Tags: Google Tags: linux Tags: microsoft Tags: ransomware Tags: SQL injection Tags: T-Mobile Tags: tiktok Tags: Uber Tags: week in security The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

911 (911.re) Proxy Service Shuts Down After Confirming Security Breach

By Waqas At the time of writing, the home page of 911 (911.re) Proxy Service was displaying a detailed message… This is a post from HackRead.com Read the original post: 911 (911.re) Proxy Service Shuts Down After Confirming Security Breach