Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023. Akamai security

The Hacker News
Open in Source
#vulnerability#web#mac#windows#microsoft#auth#The Hacker News
CVE-2022-33963: INTEL-SA-00782

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-27382: INTEL-SA-00802

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21239: INTEL-SA-00809

Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-38101: INTEL-SA-00780

Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-41771: INTEL-SA-00778

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

A Mysterious New Hacker Group, Red Stinger, Is Lurking in Ukraine’s Cyberspace

The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.

U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool

The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear,

CVE-2022-4008: Security Advisory 2023-08

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and