elevation of privilege – Computer Security Articles

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

April 23, 2024 admin 0 Comments blizzard, elevation of privilege, forest blizzard (strontium), Government, non-governmental organizations (ngos), windows

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 22 Apr 2024 16:00:00 +0000

Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.

The post Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials appeared first on Microsoft Security Blog.

Microsoft Security

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

October 30, 2023 admin adversary-in-the-middle (aitm), credential theft, elevation of privilege, extortion, human-operated ransomware, Ransomware as a Service, tempest

Credit to Author: Microsoft Incident Response and Microsoft Threat Intelligence| Date: Wed, 25 Oct 2023 16:30:00 +0000

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog.

Security Sophos

January 2020 Patch Tuesday delivers fixes for 50 bugs

January 14, 2020 admin chromium, Edge, elevation of privilege, Exploits, microsoft, Patch Tuesday, RDP, SophosLabs Uncut, Updates, Vulnerability, windows

Credit to Author: SophosLabs Offensive Security| Date: Tue, 14 Jan 2020 18:15:18 +0000

This month’s big security news from Microsoft is the end of support for Windows 7, and a patch of a cryptographic library<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/wiyw9sHJyLE” height=”1″ width=”1″ alt=””/>

Security Sophos

Microsoft fixes drop in number for October, 2019 updates

October 9, 2019 admin adobe, Chakra, ChakraCore, Edge, elevation of privilege, Exploits, microsoft, Patch Tuesday, SophosLabs Uncut, Updates, VBScript, Vulnerability, windows

Credit to Author: SophosLabs Offensive Security| Date: Wed, 09 Oct 2019 20:00:31 +0000

A relatively low number of vulnerabilities were addressed in this month’s Windows update rollups<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/kC7qjGbuUh8″ height=”1″ width=”1″ alt=””/>