Microsoft has released a detailed set of FAQs and recommendations for users affected by the XZ Utils vulnerability, which allows a threat actor to exploit SSH operations and gain remote access.
Microsoft Edge 123 (and 122 in the Extended Stable Channel), which was recently re-released in the Stable Channel, received fixes for four zero-day vulnerabilities exploited in the wild.
Common electronic locks used in hotels still suffer from vulnerabilities reported to the manufacturer in 2022. They allow hackers to forge universal keycards that can open any door.
The discussion about law enforcers' access to end-to-end encrypted communication reached a key milestone in Europe. A court says, essentially, that implementing such a measure would be illegal.
Here is a heads-up for WinRAR users: It is time to update the application to fix a vulnerability that numerous government-backed hacker groups have exploited since the beginning of the year.
GitHub users can now privately report vulnerabilities to code maintainers. The feature had been in public beta since last year and has now graduated to general availability.
Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google.
MSI motherboards, from both Intel and AMD, have been vulnerable due to a broken Secure Boot firmware setting issue. The bug would allow potentially malicious files to boot into an affected system.
Microsoft has rolled out January 2023's Security Updates (SUs) for supported versions of Exchange Server. They include better security for PowerShell payloads, along with a known bug for OWA.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
A new study has found that Google Chrome is the browser with the greatest number of security vulnerabilities in 2022. It is also the only browser with newly discovered vulnerabilities in October.
Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful.
Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations.
The Microsoft 365 Defender Research Team has today disclosed a high-severity vulnerability in the Android version of TikTok, allowing attackers to access user accounts with a single click.
The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery.
Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack.
Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity.
Open-source code is quite popular as it shortens the software development cycle. However, its rampant use is increasing security concerns. Companies must have some policy to deal with the risks.
Microsoft's latest Patch Tuesday updates, released yesterday, fix a lot of recently publicized security issues like Follina. However, DogWalk remains unpatched as Microsoft continues to downplay it.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues.
Chromium has received an update to patch a rather mysterious but severe vulnerability in its V8 engine. Both Google and Microsoft have updated their respective browsers but are being very secretive.
Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups.
Microsoft has published details about a security vulnerability dubbed "AutoWarp" in Azure Automation service. It could enable attackers to get access to resources of other Azure customers.
Google's Project Zero team has today shared some interesting stats regarding its findings for the past couple of years. Interestingly, it found the most security issues in Microsoft products.
While this week was relatively slow due to the holiday season, we do have some notable items to recap including Active Directory woes, a couple of acquisitions, and what almost became Cortana's name.
Microsoft has issued an advisory about an Active Directory privilege escalation attack. The vulnerabilities have already been patched but unpatched domain controllers are more at risk now than ever.
Microsoft has revealed more details about a macOS vulnerability that it discovered and reported to Apple. A patch is now out for the OS-level flaw "Shrootless" on macOS Monterey, Catalina, and Big Sur.
Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves ActiveX controls.
A major flaw in Azure Cosmos DB has exposed customer data and given admin access to it for the past couple of years. Microsoft has now patched the issue and asked customers to rotate their keys.
Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products.
Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.
Google has decided to launch a new dedicated website that unifies the different VRPs and makes publishing bug reports and submissions easier. This is to celebrate 10 years of its VRP.
Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.
Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.
Microsoft has begun rolling out a mandatory update for the most recent Windows 10 versions - 2004, 20H2, and 21H1 - to patch the recently acknowledged PrintNightmare critical vulnerability.
In this week's recap, we'll cover more info that has surfaced about Windows 11, the severe PrintNightmare vulnerability, and even a dash of gaming news. Be sure to catch up via our overview.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which puts it just short of "critical" severity.