Bleeping Computer
Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors.
Bleeping Computer
Microsoft fixes VPN failures caused by April Windows updates
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates.
Bleeping Computer
Microsoft fixes Windows Server bug causing crashes, NTLM auth failures
Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month's Windows Server security updates.
Bleeping Computer
Microsoft: April Windows Server updates also cause crashes, reboots
Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes.
CSO
Germany blames Russian hackers for months-long cyber espionage
The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts.
Bleeping Computer
Microsoft: April Windows Server updates cause NTLM auth failures
Microsoft has confirmed customer reports of NTLM authentication failures and high load after installing last month's Windows Server security updates.
Bleeping Computer
Microsoft pulls fix for Outlook bug behind ICS security alerts
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates
The Cyber Express
Microsoft Uncovers GooseEgg Malware: A New Weapon in Russian State Hackers’ Arsenal
Microsoft researchers uncovered a new tool in the Russian state hackers’ arsenal that helped them gain elevated access, pilfer credentials
Bleeping Computer
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks..
The Hacker News
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats
Ever heard of shadow admins? A single slip in settings can create 109 of them, risking your entire network's security! Learn how to prevent this.
Cyber Security News
PoC Released For Critical Zero-Click Windows Vulnerability
Microsoft's wide reach as a target prompted attackers to carry out intensive studies on the vulnerabilities and mitigation tools of their
Security Affairs
Palo Alto Networks fixed multiple DoS bugs in its firewalls
Palo Alto Networks fixed several flaws in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls
Cyber Security News
Multiple Palo Alto Networks Firewall Flaws Let Attackers Cause Disruption
These flaws could allow attackers to disrupt services by causing a denial of service (DoS) or manipulating user access controls. The vulnerabilities are tracked as CVE-2024-3382, CVE-2024-3383, and CVE-2024-3384.
SecurityWeek
Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption
Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls.
The Cyber Express
Microsoft Patch Tuesday 2024 Update Fixes 147 New Vulnerabilities
Microsoft has released the latest Patch Tuesday update, addressing a large number of vulnerabilities across various products and services. The
Trend Micro
How Red Team Exercises Increases Your Cyber Health
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.
Infosecurity News
New Malware “Latrodectus” Linked to IcedID
The malware, discovered by Proofpoint and Team Cymru, was mainly utilized by initial access brokers
Bleeping Computer
Microsoft fixes Outlook security alerts bug caused by December updates
Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updates
The Hacker News
Detecting Windows-based Malware Through Better Visibility
Traditional defense tactics don't always apply to cyber warfare. With EventSentry, bolster your network's defense with prevention, detection, and ongo
Security Affairs
German BSI warns of 17K unpatched Microsoft Exchange servers
German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers vulnerable to critical flaws
.webp)
Cyber Security News
Metasploit Framework 6.4 Released: What’s New
Metasploit Framework 6.4 is a testament to this ongoing battle, bringing a host of new features and improvements of cybersecurity.
The Hacker News
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
IBM X-Force uncovers extensive phishing campaigns by APT28, targeting Europe, the South Caucasus, Central Asia, and the Americas.
Cyber Security News
How to Set Up a Network Research Laboratory for Malware Analysis (SOC & DFIR Teams)
Researchers can learn more about the exploit by making a proof-of-concept (PoC) and testing its functionality in a separate environment.
Bleeping Computer
Hackers steal Windows NTLM authentication hashes in phishing attacks
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.
Infosecurity News
TA577 Exploits NTLM Authentication Vulnerability
Proofpoint warned the method could be used for data gathering and further malicious activities
Cyber Security News
Weekly Cyber Security News Letter & Threats Roundup - Top 25 Cyber Incidents
Welcome to the Cyber Security News Recap, a weekly newsletter. We strive to provide you with the most current information regarding advancements in cybersecurity.
Cyber Security News
Hackers Using Weaponized ZIP File To Steal NTLM Hashes
ZIP files are used by threat actors to weaponize them since they can easily convey malicious payloads within compressed archives, making it
Infosecurity News
FBI Issues Alert on Russian Threats Targeting Ubiquiti Routers
The routers were hijacked to steal credentials, proxy traffic, and host phishing pages and custom tools
Cyber Security News
Russian Hackers Hijack Ubiquiti Routers To Proxy Network
Threat actors hijack routers to gain unauthorized access to network traffic. This enables them to monitor, manipulate, or intercept sensitive
HACKRead
FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
Russian hackers from APT28 are using hacked Ubiquiti EdgeRouters to build extensive botnets, steal credentials and other malicious activities.
Security Affairs
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities.
The Hacker News
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
Nations unite to warn against the MooBot botnet threat targeting Ubiquiti EdgeRouters.
The DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues - The DFIR Report
Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More
Security Affairs
Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410.
.webp)
Cyber Security News
8,500+ Exchange Servers Vulnerable To Privilege escalation 0-Day Flaw
A critical vulnerability in Microsoft Exchange Server, identified as CVE-2024-21410, has been reported to be actively exploited by threat
SecurityWeek
Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
Bleeping Computer
Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
HACKRead
New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware
A new security flaw in Microsoft Outlook known as #MonikerLink allows hackers to execute arbitrary code on the targeted device.
Security Affairs
CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog - Security Affairs
U.S. CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog.
The Hacker News
U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage
U.S. government disrupted a botnet comprised of SOHO routers used by the Russia-linked APT28 group for malicious activities.
DarkReading
Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug
Microsoft says it has observed signs of active exploits targeting CVE-2024-2140.
SecurityWeek
Microsoft Warns of Exploited Exchange Server Zero-Day
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
The Hacker News
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
A newly discovered privilege escalation vulnerability (CVE-2024-21410) in Microsoft Exchange Server is being actively exploited.
Bleeping Computer
Microsoft: New critical Exchange bug exploited as zero-day
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.
Bleeping Computer
Microsoft: New critical Outlook RCE bug exploited as zero-day
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
Bleeping Computer
New critical Microsoft Outlook RCE bug is trivial to exploit
Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.
Bleeping Computer
Microsoft Exchange update enables Extended Protection by default
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14).
Infosecurity News
Microsoft Fixes Two Zero-Days in February Patch Tuesday
Two zero-day bugs actively exploited in the wild now have official Microsoft patches
The Hacker News
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
SC Magazine
Microsoft patches 2 exploited zero-days, 5 critical vulnerabilities
The fixes were among 73 the software giant released in this February's Patch Tuesday.
DarkReading
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.
Krebs on Security
Fat Patch Tuesday, February 2024 Edition
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.
The Hacker News
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
Discover how Silverfort's Unified Identity Protection Platform revolutionizes Incident Response by swiftly detecting compromised accounts and bolsteri
Security Affairs
26 Cyber Security Stats Every User Should Be Aware Of in 2024
26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technology.
Bleeping Computer
Microsoft Outlook December updates trigger ICS security alerts
Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
Security Affairs
Security Affairs newsletter Round 457 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Russian state-sponsored hackers (APT28) have been conducting sophisticated cyberattacks for over a year, targeting high-value organizations worldwide.
Trend Micro
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
Security Affairs
Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords
A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file.
The Hacker News
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords
Hackers can remotely steal your Windows login NTLM passwords through a vulnerability in Outlook's calendar feature.
SecurityWeek
New NTLM Hash Leak Attacks Target Outlook, Windows Programs
Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs.
SC Magazine
Accepting a calendar invite in Outlook could leak your password
Three Microsoft applications can leak hashed passwords in just one or two clicks, researchers say.
Computerworld
For Patch Tuesday, 48 updates, no zero-day flaws
Microsoft is easing its way into 2024 with a low-key update for Windows and its other apps and platforms.
The Hacker News
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager
Kyocera and QNAP users, beware! High-severity vulnerabilities are lurking. Update now to prevent attacks.
CSO
Enterprises with Kyocera printers open to path traversal attacks
Path traversal attacks can be carried out using an input validation bug in the Kyocera device manager application.
Cyber Security News
Active Directory Kill Chain Attack & Defense - A Complete Guide & Tools
Here we are elaborating the tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance
Cyber Security News
New Windows Zero-click RCE Flaw Let Attackers Exploit Outlook Clients
It was recently reported by Microsoft that CVE-2023-23397, a critical Outlook vulnerability, is currently being exploited.
The Hacker News
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits
Attackers could achieve remote code execution on Outlook without any user interaction. Learn how these zero-click exploits were discovered and patched
Security Affairs
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day.
DarkReading
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update
The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which, for a change, were zero-days.
Krebs on Security
Microsoft Patch Tuesday, December 2023 Edition
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known "zero-day" threats…
Cyber Security News
Russian Hackers Exploiting Outlook Zero-day to Attack NATO Member Countries
Using a zero-day exploit in Microsoft Outlook (CVE-2023-23397), Fighting Ursa Aka APT28 targets at least 30 companies across 14 countries.
DarkReading
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
Cyber Security News
Russian Hackers Actively Exploiting Outlook Privilege Escalation Vulnerability
Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool.
CyberNews
Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns
Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia.
Bleeping Computer
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.
The Hacker News
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
A vulnerability in Microsoft Access that could be exploited to leak a Windows user’s NTLM tokens.
Cyber Security News
Hackers using Weaponized Office Document to Exploit Windows Search RCE
A new attack chain campaign has been discovered which involves the exploitation of CVE-2023-36884 and CVE-2023-36584. CVE-2023-36884.
The Hacker News
Product Walkthrough: Silverfort's Unified Identity Protection Platform
Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks
Cyber Security News
Hackers Exploit Microsoft Access Feature to Steal Windows User’s NTLM Tokens
Microsoft Access is a relational database management system which is developed by Microsoft that allows users to store and manage data.
Bleeping Computer
Microsoft drops SMB1 firewall rules in new Windows 11 build
Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992 build.
Infosecurity News
Veeam Patches Two Critical Bugs in Veeam ONE
Two flaws have near-maximum CVSS scores
The Hacker News
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
Veeam ONE faces security crisis! Four vulnerabilities exposed. Learn how to protect your IT monitoring and analytics platform now.
Bleeping Computer
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
SecurityWeek
Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities
Zscaler identified 117 vulnerabilities in Microsoft 365’s support for SketchUp files and bypassed initial patches.
Bleeping Computer
Windows 11 to let admins mandate SMB encryption for outbound connections
Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel.
Bleeping Computer
MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
SecurityWeek
Microsoft Improving Windows Authentication, Disabling NTLM
Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication.
The Hacker News
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Microsoft plans to phase out the '90s NT LAN Manager (NTLM) in favor of a stronger focus on Kerberos for authentication in Windows 11.
Bleeping Computer
Microsoft plans to kill off NTLM authentication in Windows 11
Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future.
Latest Hacking News
Microsoft October Patch Tuesday Fixes 100+ Flaws, Including Zero-Days
With October Patch Tuesday, Microsoft fixed 104 security vulnerabilities across different products, including three zero-day flaws. While Microsoft ensures automatic roll-out of the updates to all eligible devices, users must still check their systems for
The Record
CISA plans to share more information on ransomware actors in its exploited vulnerability alerts
The U.S.’s top cybersecurity agency said it plans to add a section dedicated to ransomware gangs to its list of vulnerabilities being exploited by hackers.
Infosecurity News
October Patch Tuesday Addresses Three Zero-Days
Microsoft issues updates for over 100 flaws
The Hacker News
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
DarkReading
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
SecurityWeek
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild.
Bleeping Computer
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Cyber Security News
Exim SMTP Service Zero-day Flaw Let Attackers Execute Remote Code
Six new zero-day vulnerabilities in Exim Message Transfer Agent have been reported as part of the Zero-Day initiative.
Bleeping Computer
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
SecurityWeek
Silverfort Open Sources Lateral Movement Detection Tool
Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions.
Loading more articles....