Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

January Linux Patch Wednesday

January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. 🔸 RCE – Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects “case-insensitive file systems” like Windows or MacOS. However, Debian lists it as affecting tomcat9 […]

Alexander V. Leonov
Open in Source
#vulnerability#mac#windows#ubuntu#linux#debian#apache#rce#chrome#blog
Researchers Warn of NTLMv1 Bypass in Active Directory Policy

Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing…

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft’s December Patch Tuesday, a public exploit for it appeared on January 15th. 🙂 It was developed by […]

Trusted Apps Sneak a Bug Into the UEFI Boot Process

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

PlugX malware deleted from thousands of systems by FBI

The FBI has announced it's deleted PlugX malware from approximately 4,258 US-based computers and networks.

North Korea's Lazarus APT Evolves Developer-Recruitment Attacks

"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.

OWASP's New LLM Top 10 Shows Emerging AI Threats

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 This is a vulnerability in a standard Windows component, available in all versions starting with Windows Server 2003 R2. Its description is typical for EoP […]

Congratulations to the Top MSRC 2024 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh, VictorV, wkai! Check out the full list of researchers recognized this quarter here.