Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
Apple Windows
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, …

black hat
Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security …

Patch Tuesday
Microsoft fixes 6 zero-days under active attack

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly …

patch tuesday
August 2024 Patch Tuesday forecast: Looking for a calm August release

August 2024 Patch Tuesday is now live: Microsoft fixes 6 zero-days under active attack July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the …

Crowdstrike
CrowdStrike engages external experts, details causes of massive outage

CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around …

Windows
Researchers unearth MotW bypass technique used by threat actors for years

Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping …

Microsoft Azure
Microsoft: DDoS defense error amplified attack on Azure, leading to outage

A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft’s …

VMware
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full …

Crowdstrike
Some good may come out of the CrowdStrike outage

Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having …

Crowdstrike
CrowdStrike blames buggy testing software for disastrous update

A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is …

Microsoft Crowdstrike
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for …

Patch Tuesday
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in …

Don't miss

Cybersecurity news