HiveNightmare aka SeriousSAM vulnerability : what to do

Credit to Author: Greg Iddon| Date: Thu, 22 Jul 2021 12:05:12 +0000

Last updated 2021-07-22 HiveNightmare (CVE-2021-36934), also known as SeriousSAM, is a high severity zero-day elevation of privilege vulnerability in Windows currently under investigation by Microsoft. Since Windows 10 build 1809, the Access Control Lists (ACLs) for %windir%System32config have been granting read access to non-admin users. This is the primary directory that contains the files for [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/YBtfaot3ORM” height=”1″ width=”1″ alt=””/>

Read more

PrintNightmare vulnerability: what to do

Credit to Author: Anthony Merry| Date: Thu, 01 Jul 2021 11:22:21 +0000

PrintNightmare is a zero-day critical Windows bug that allows Remote Code Execution. It affects all supported Windows machines, including both endpoints and servers. For more information on the bug, please read the article on Naked Security.  As of 1 July 2021, there is no official patch yet to address this bug. Given the severity, we [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/KdxMKomfAe0″ height=”1″ width=”1″ alt=””/>

Read more

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Credit to Author: BrianKrebs| Date: Tue, 02 Mar 2021 21:19:17 +0000

Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Read more

Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa

Credit to Author: Malwarebytes Labs| Date: Mon, 09 Nov 2020 18:36:20 +0000

This week on Lock and Code, get a backstage pass to a Malkwarebytes employee cybersecurity training about the future of protecting the Internet of Things.

Categories:

Tags:

(Read more…)

The post Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa appeared first on Malwarebytes Labs.

Read more

A week in security (October 26 – November 1)

Credit to Author: Malwarebytes Labs| Date: Mon, 02 Nov 2020 17:46:12 +0000

In this week in security (October 26 – November 1), we look at Google’s Chrome zero-day patch, Cybersecurity Awareness Month, ransomware cash and far more.

Categories:

Tags:

(Read more…)

The post A week in security (October 26 – November 1) appeared first on Malwarebytes Labs.

Read more

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Credit to Author: Ilai Bavati| Date: Tue, 23 Jun 2020 15:00:00 +0000

Zero-day vulnerabilities—and their potential, related attacks—can drive any security team mad. Here’s how you can bulk up your defenses.

Categories:

Tags:

(Read more…)

The post A zero-day guide for 2020: Recent attacks and advanced preventive techniques appeared first on Malwarebytes Labs.

Read more