Patch Tuesday: Microsoft patches 90 security flaws across the Windows ecosystem warns of zero-day exploitation and code execution risks.
The post Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw appeared first on SecurityWeek.
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws
Today is Microsoft’s November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. […]
Windows 11 KB5046617 and KB5046633 cumulative updates released
Microsoft has released the Windows 11 KB5046617 and KB5046633 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. […]
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator
Adobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms.
The post Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator appeared first on SecurityWeek.
Signal introduces convenient “call links” for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. […]
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. […]
Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its “KV-Botnet” malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. […]
GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains
GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users.
The post GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains appeared first on SecurityWeek.
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub