Patch Tuesday squashes 89 bugs-including a SophosLabs find

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Jun 2019 21:20:51 +0000

No bugs known to be exploited in the wild, but plenty of serious flaws that need updates<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/l4pze2u2S-k” height=”1″ width=”1″ alt=””/>

Read more

A week in security (June 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

Categories:

Tags:

(Read more…)

The post A week in security (June 3 – 9) appeared first on Malwarebytes Labs.

Read more

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

Credit to Author: Ganesh Lakariya| Date: Mon, 27 May 2019 07:02:35 +0000

Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an…

Read more

Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability

Credit to Author: Malwarebytes Labs| Date: Wed, 15 May 2019 16:57:16 +0000

This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack—though Microsoft has released a patch. Have you updated yet?

Categories:

Tags:

(Read more…)

The post Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability appeared first on Malwarebytes Labs.

Read more

4 Lessons to be learned from the DOE’s DDoS attack

Credit to Author: Kayla Matthews| Date: Fri, 17 May 2019 15:59:32 +0000

The Department of Energy was subject to a DDoS attack that caused major disruptions in their operations. Is the smart grid ready for such an attack? Here are the lessons we can take away from the event.

Categories:

Tags:

(Read more…)

The post 4 Lessons to be learned from the DOE’s DDoS attack appeared first on Malwarebytes Labs.

Read more

CVE-2019-0708 – A Critical “Wormable” Remote Code Execution Vulnerability in Windows RDP

Credit to Author: Sushmita Kalashikar| Date: Fri, 17 May 2019 06:06:20 +0000

This is an important security advisory related to a recently patched Critical remote code execution vulnerability in Microsoft Windows Remote Desktop Service (RDP). The vulnerability is identified as “CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability”. MSRC blog mentions This vulnerability is pre-authentication and requires no user interaction. In other…

Read more

Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability

Credit to Author: Malwarebytes Labs| Date: Wed, 15 May 2019 16:57:16 +0000

This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack—though Microsoft has released a patch. Have you updated yet?

Categories:

Tags:

(Read more…)

The post Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability appeared first on Malwarebytes Labs.

Read more

CVE-2018-18500: write-after-free vulnerability in Firefox, Analysis and Exploitation

Credit to Author: Yaniv| Date: Thu, 18 Apr 2019 15:35:40 +0000

Editor&#8217;s note: This article is a technical description of a bug discovered by a member of the Offensive Research team at SophosLabs, and how the researcher created a proof-of-concept &#8220;Arbitrary Read/Write Primitive&#8221; exploit for this bug. The vulnerability was deemed critical by Mozilla&#8217;s bug tracking team and was patched in Firefox 65.0. It&#8217;s written for [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/oTcYk6i594c” height=”1″ width=”1″ alt=””/>

Read more

From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw

Credit to Author: Eric Avena| Date: Mon, 25 Mar 2019 15:00:07 +0000

Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.

The post From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw appeared first on Microsoft Security.

Read more