Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops.
A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.
The bugs are grouped under one umbrella (CVE-2019-0948) and are found in the Microsoft Management Console (MMC), according to Check Point researchers Eran Vaknin and Alon Boxiner,
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.
SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half a dozen zero-day vulnerabilities in Windows OS without actually bothering to make Microsoft aware of the issues first.
A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP).
Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions.
Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists when Microsoft Windows Remote Desktop feature requires clients to authenticate with Network Level Authentication (NLA), a feature that Microsoft recently recommended as a workaround against the critical BlueKeep RDP vulnerability
Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.
A memory corruption bug in the Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system.
The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was tied to a memory corruption flaw in Notepad, a basic text editor that has shipped on all versions of Windows since 1985.
With advanced tech, smartphones in the hands of every individual, and the occasional self-driving car on the street, one might think that we are living in some futuristic society. Unfortunately, many industries are still stuck with old systems. The recent ransomware attack on Baltimore’s city government highlights the fact that many institutions are facing increasingly higher risks for being reluctant to change.
The ransomware attack on Baltimore, Maryland’s city government computers specifically affected systems that were needed to complete property deals in the region. As a result, during one of the real estate industry’s busiest times of the year, all relevant transactions were put on hold. When it comes to system evolution, the situation is a cold reminder that Baltimore and many other counties in the U.S. somehow got left by the wayside.
The US city of Baltimore has been partially paralyzed since 7 May, when a ransomware attack seized parts of the government’s computer systems.
As soon as the city discovered that it had been attacked, it informed the FBI and took its systems offline in an effort to keep the infection from spreading.
But not before the attack took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations. Real estate transactions were also shut down.
It was lousy timing, given that this is one of the real estate industry’s busiest times of the year. The Baltimore Sun reported that hundreds of property sales could have been affected: A real estate agent with access to industry data told the newspaper that at least 1,500 sales were pending in Baltimore.
But a sliver of good news came on Monday, when Mayor Bernard Young’s office announced that the city had developed a manual workaround that would allow real estate transactions to resume during the outage.
After a yearlong investigation, the Dutch Fiscal Information and Investigation Service (FIOD) shut down Bestmixer.io today, one of the largest cryptocurrency laundering platform in the world, with the help of Europol and Luxembourg law enforcement authorities.
The investigation started back in June 2018 with the support of the security firm McAfee and it led to the seizure of the platform’s web domain and six of its servers in Luxembourg and Netherlands.
According to Europol’s press release, “Bestmixer.io was one of the three largest mixing services for cryptocurrencies and offered services for mixing the cryptocurrencies bitcoins, bitcoin cash and litecoins.”
In a short announcement today, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems.
The website is currently online and the few public details offered in a brief message say that an investigation revealed that “some level of production access was gained on May 11.”
Security researchers have discovered serious vulnerabilities affecting dozens of Cisco devices.
The flaws allow hackers to deceive the part of the product hardware that checks whether software updates come from legitimate sources.
Experts believe this could put emails sent within an organisation at risk as they may use compromised routers.
Messages sent externally constitute less of a risk, however, as they tend to be encrypted.
The California-based firm said it is working on “software fixes” for all affected hardware.
A massive cyber-attack using tools believed to have been stolen from the US National Security Agency (NSA) has struck organisations around the world.
Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – around the world.
There are reports of infections in 99 countries, including Russia and China.
Among the worst hit was the National Health Service (NHS) in England and Scotland.
The BBC understands about 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled.
A hosting company took down a database operated by a spying app this week after it was found displaying thousands of intimate images and recordings online.
MobiiSpy, an Android app that can be used to track what people do on their phones, left over 95,000 images and 25,000 audio recordings on a publicly accessible database according to a report by Motherboard on 22 March.
Although the database didn’t include names or contact information, it did contain call records and photos that could be used to identify the phones’ owners.
According to researchers, the app’s developer had hardcoded the database URL directly into the app, which lets the operator read the target’s phone contacts and texts and even trigger remote recordings without the target’s knowledge.
Phishing attacks have seen an impressive 250% increase between January and December 2018, with attackers moving to multiple points of attacks during the same campaign, switching between URLs, domains, and servers when sending e-mails and hosting phishing forms.
Threat actors have also begun to diversify the infrastructure they use to run phishing campaigns, with Microsoft observing as part of its Security Intelligence Report (SIR) Volume 24 that hosted servers and public cloud tools were adopted to make it easier to camouflage as legitimate services or products.
Read more here: bleepingcomputer.com