Blog – Page 824 – Cyber Mike

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.
Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.”
The list of identified flaws is as follows –

January Windows updates may fail if Citrix SRA is installed

Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. […]

Allstate car insurer sued for tracking drivers without permission

Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. […]

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. […]

Adobe: Critical Code Execution Flaws in Photoshop

Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.

The post Adobe: Critical Code Execution Flaws in Photoshop appeared first on SecurityWeek.

US govt says North Korea stole over $659 million in crypto last year

North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. […]

Windows 10 KB5049981 update released with new BYOVD blocklist

Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. […]

Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days

Patch Tuesday: Microsoft has rushed out fixes for a trio of already-exploited zero-day vulnerabilities in the Windows Hyper-V platform.

The post Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days appeared first on SecurityWeek.

Biden Signs Executive Order Aimed at Growing AI Infrastructure in the US

The executive order comes on the heels of the Biden administration’s proposed restrictions on exports of AI chips, an attempt to balance national security concerns about the technology with economic interests of producers and other countries.

The post Biden Signs Executive Order Aimed at Growing AI Infrastructure in the US appeared first on SecurityWeek.

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

Today is Microsoft’s January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. […]

Cyber News