Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2024-50338: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#microsoft#git#Visual Studio#Security Vulnerability
About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability. The vulnerability is from the August Microsoft Patch Tuesday. It wasn’t highlighted in reviews; all we knew was that a local attacker could gain SYSTEM privileges. Three and a half months later, on November 27, SSD Secure Disclosure released a write-up […]

Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails

SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a…

Fake PoC Exploit Targets Cybersecurity Researchers with Malware

A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can cause denial-of-service attacks.

Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic

Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.

Banshee Stealer Hits macOS Users via Fake GitHub Repositories

SUMMARY Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed…

Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs

The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.

Do we still have to keep doing it like this?

Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.

Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense

Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving…

The School Shootings Were Fake. The Terror Was Real

The inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide—and the private detective who tracked him down.