exploit

  1. News

    AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

    Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
  2. News

    AA19-339A: Dridex Malware

    Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...
  3. Neemobeer

    Wormable Vulnerability (RDP service) in Out of Support Operating Systems

    Pretty significant vulnerability that Microsoft is patching even for out-of-support versions of Windows. For the out-of-support versions, the update is available only through the Windows Update Catalog. Microsoft Update Catalog TechNet Blog about the vulnerability and direct links to the patch download...
  4. News

    Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

    Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is...
  5. News

    AA19-122A: New Exploits for Unsecure SAP Systems

    Original release date: May 02, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1] Technical Details A presentation at the April 2019...
  6. News

    Call for Papers | Microsoft BlueHat Shanghai 2019

    The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...
  7. kemical

    Intel Foreshadow vulnerability

    Intel has revealed another major security vulnerability in its CPUs, similar to the Meltdown/Spectre vulnerabilities revealed earlier this year. It is understood that at this time there are no current exploits and further information can be found on the released Link Removed . AMD chips are...
  8. News

    TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

    Original release date: May 25, 2018 Systems Affected Small office/home office (SOHO) routers Networked devices Network-attached storage (NAS) devices Overview Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office...
  9. Neemobeer

    Windows EMET making a comeback.

    Looks like EMET is coming back as a built-in feature in the Fall Creators Update. I've personally always used it as a free added security measure. Like other security software it's not bulletproof and there have been bypasses, but it does a good job of protecting against common avenues used...
  10. News

    Protecting customers and evaluating risk

    Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already...
  11. News

    Strengthening the Microsoft Edge Sandbox

    In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard...
  12. News

    MS17-016 - Important: Security Update for Windows IIS (4013074) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (March 14, 2017): Click here to enter text. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious...
  13. News

    MS17-010 - Critical: Security Update for Microsoft Windows SMB Server (4013389) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Windows...
  14. News

    MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge...
  15. News

    Mitigating arbitrary native code execution in Microsoft Edge

    Some of the most important security features in modern web browsers are those that you never actually see as you browse the web. These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by hackers to compromise your device or personal...
  16. News

    MS16-144 - Critical: Cumulative Security Update for Internet Explorer (3204059) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...
  17. pnamajck

    firefox/tor zero-day exploit …

    for everyone using firefox (or tor) … update your browser immediately … there are some critical updates you don't want to miss. the updates are engineered to circumvent a zero-day exploit. according to the article(s) posted below … evidently, pc 'n mac 'n linux...
  18. News

    Defending against ransomware with Windows 10 Anniversary Update

    Ransomware is one of the latest malware threats that is attracting an increasing number of cyber-criminals who are looking to profit from it. In fact, in the last 12 months, the number of ransomware variants have more than doubled. Its premise is deceptively simple: infect users’ devices, and...
  19. News

    MS16-138 - Important: Security Update for Microsoft Virtual Hard Disk Driver (3199647) -...

    Severity Rating: Important Revision Note: V1.0 (November 8, 2016): Bulletin published. Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this...
  20. News

    MS16-118 - Critical: Cumulative Security Update for Internet Explorer (3192887) - Version: 1.0

    Severity Rating: Critical Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...