RSS Reader for Computer Security Articles
Categories: News Tags: BYOVD Tags: bring your own vulnerable driver Tags: blocklist Tags: microsoft Tags: windows updates We take a look at reports that Microsoft’s driver blocklist hadn’t been updated for three years, leaving people at risk from BYOVD attacks. |
The post Microsoft fixes driver blocklist placing users at risk from BYOVD attacks appeared first on Malwarebytes Labs.
Read More
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Android Tags: Samsung Tags: Xiaomi Tags: Adobe Tags: SAP Tags: VMWare Tags: Fortinet Tags: CVE-2022-41033 Tags: CVE-2022-41040 Tags: zero-day No fix for ProxyNotShell |
The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.
Read More
Credit to Author: Angela Gunn| Date: Tue, 11 Oct 2022 17:47:47 +0000
No joy for Exchange admins looking to seal off two widely reported Server vulns
Read MoreCategories: News Tags: malware Tags: ZINC Tags: microsoft Tags: infection Tags: C&C Tags: open source Tags: job offer Tags: fake Tags: LinkedIn A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps |
The post Bogus job offers hide trojanised open-source software appeared first on Malwarebytes Labs.
Read MoreCredit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Katie McCafferty| Date: Thu, 29 Sep 2022 16:00:00 +0000
In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog.
Read More