exploit

  1. November 2024 Patch Tuesday: Microsoft Fixes 89 Vulnerabilities

    As the leaves turn and November ushers in the chill of winter, Microsoft is heating things up with a substantial software patch that you don’t want to overlook. On November 12, 2024, Redmond unleashed its monthly Patch Tuesday update, delivering fixes for a whopping 89 vulnerabilities, among...
  2. CVE-2024-7971: Urgent Security Flaw in Microsoft Edge and Google Chrome

    The recent identification of CVE-2024-7971, a security vulnerability classified as "Type Confusion in V8," has raised significant concerns within the tech community, especially for users of Microsoft Edge, which is based on Chromium. In this article, we will delve into the nature of this...
  3. NEWS Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

    On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully...
  4. VIDEO ⚠️SEVERE NEW WINDOWS EXPLOIT⚠️ Do This Now!

    🤔
  5. VIDEO AA21-265A: Conti Ransomware

    Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...
  6. AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...
  7. NEWS Razer Synapse bug grants Windows admin privileges by plugging in a mouse or keyboard

    In brief: It seems that gaining administrator-level Windows privileges on a PC doesn't require much work; all you need is physical access and a Razer mouse or keyboard. It's the result of a zero-day vulnerability in the company's popular Synapse software that exploits the plug-and-play...
  8. VIDEO Bluetooth: Hacked... Unfixable Apple M1 Exploit

    :eek:
  9. VIDEO How A 17 Year Old Hacker Pwned Twitter

    :eek:
  10. VIDEO Pentest Goes Wrong, Tor Taken Over, 128 Million iPhones Pwned: Apple Silent

    :rolleyes:
  11. AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
  12. Wormable Vulnerability (RDP service) in Out of Support Operating Systems

    Pretty significant vulnerability that Microsoft is patching even for out of support versions of Windows. For the out of support the update is available only through the Windows Update Catalog. Microsoft Update Catalog TechNet Blog about the vulnerability and direct links to the patch download...
  13. Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

    Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is...
  14. TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

    Original release date: May 25, 2018 Systems Affected Small office/home office (SOHO) routers Networked devices Network-attached storage (NAS) devices Overview Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office...
  15. Windows EMET making a come back.

    Looks like EMET is coming back as a built-in feature in the fall creators update. I've personally always used it as a free added security measure. Like other security software it's not bullet proof and there have been bypasses, but it does a good job of protecting against common avenues used...
  16. Strengthening the Microsoft Edge Sandbox

    In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard...
  17. MS17-016 - Important: Security Update for Windows IIS (4013074) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (March 14, 2017): Click here to enter text. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious...
  18. MS17-010 - Critical: Security Update for Microsoft Windows SMB Server (4013389) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Windows...
  19. MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge...
  20. MS16-144 - Critical: Cumulative Security Update for Internet Explorer (3204059) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...