An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. […]
Microsoft fixes Remote Desktop issues caused by Windows Server update
Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. […]
Patch Tuesday: Microsoft Confirms Exploited Zero-Day in Windows Management Console
Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.
The post Patch Tuesday: Microsoft Confirms Exploited Zero-Day in Windows Management Console appeared first on SecurityWeek.
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Today is Microsoft’s October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. […]
Windows 11 KB5044284 and KB5044285 cumulative updates released
Microsoft has released the KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2 to fix security vulnerabilities and resolve 27 bugs and performance issues. […]
Adobe Patches Critical Bugs in Commerce and Magento Products
Adobe documents 25 vulnerabilities in Adobe Commerce and warns of code execution and privilege escalation exposure.
The post Adobe Patches Critical Bugs in Commerce and Magento Products appeared first on SecurityWeek.
Windows 10 KB5044273 update released with 9 fixes, security updates
Microsoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. […]
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.
Successful exploitation of these vulnerabilities could allow an authenticated
The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.
Successful exploitation of these vulnerabilities could allow an authenticated
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads.
“These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a new report published today, adding “this malware
“These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a new report published today, adding “this malware
SecurityWeek to Host Zero Trust Strategies Summit as Virtual Event on October 9th
Online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.
The post SecurityWeek to Host Zero Trust Strategies Summit as Virtual Event on October 9th appeared first on SecurityWeek.