brangberg – Page 1204

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).
“This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information

CSC ServiceWorks discloses data breach after 2023 cyberattack

CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. […]

New AMD SinkClose flaw helps install nearly undetectable malware

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. […]

Microsoft discloses Office zero-day, still working on a patch

Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. […]

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. […]

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.
The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and

In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims

Noteworthy stories that might have slipped under the radar: KnowBe4 product vulnerabilities, SOCRadar responds to hacker’s claims, and SEC ends the MOVEit hack probe.

The post In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims appeared first on SecurityWeek.

Iran Is Accelerating Cyber Activity That Appears Meant to Influence the US Election, Microsoft Says

Iranian actors have spent recent months creating fake news sites and impersonating activists, laying the groundwork to stoke division and potentially sway American voters this fall.

The post Iran Is Accelerating Cyber Activity That Appears Meant to Influence the US Election, Microsoft Says appeared first on SecurityWeek.

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.

The post Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities appeared first on SecurityWeek.

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers

Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.

The post Vulnerability Allowed Eavesdropping via Sonos Smart Speakers appeared first on SecurityWeek.

Author: brangberg