Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.

Wired
#web#mac#windows#apple#git#intel
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302

CrowdStrike Will Give Customers Control Over Falcon Sensor Updates

The security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows computers worldwide last month.

A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.

WordPress PayPlus Payment Gateway SQL Injection

WordPress PayPlus Payment Gateway plugin versions prior to 6.6.9 suffer from a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-5025-03

Red Hat Security Advisory 2024-5025-03 - Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

E-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.

CrowdStrike Reveals Root Cause of Global System Outages

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template Type to enable

CVE-2024-38202: Windows Update Stack Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must have permissions to access the target's System directory to plant the malicious folder that would be used as part of the exploitation.