Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Appointment Scheduler 4.0 Insecure Direct Object Reference

Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#php#auth#firefox
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run

Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis. The cyber attacks employ

Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware

The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation and tempting them with a purported good deal on a Audi Q7 Quattro SUV.

Enhancing Incident Response Readiness with Wazuh

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly. Challenges in incident

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that's been active since at least 2012,

China's APT41 Targets Taiwan Research Institute for Cyber Espionage

The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies.

Twilio Users Kicked Out of Desktop App, Forced to Switch to Mobile

Now that the Authy Desktop app has reached EOL and is no longer accessible, users are hoping their 2FA tokens synced correctly with their mobile devices.

Is the US Federal Government Increasing Cyber-Risk Through Monoculture?

In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.