Please turn on your JavaScript for this page to function normally.
Microsoft Windows
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A …

Windows
Researchers unearth MotW bypass technique used by threat actors for years

Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping …

Crowdstrike
Some good may come out of the CrowdStrike outage

Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having …

Microsoft Crowdstrike
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for …

Crowdstrike
Update: Worldwide IT outage due to buggy Crowdstrike sensor configuration update

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. …

Crowdstrike
Faulty CrowdStrike update takes out Windows machines worldwide

A more recent update on the situation (July 19, 2024, 12:42 ET) Hundreds of thousands and possibly millions of Windows computers and servers worldwide have been made …

Microsoft
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to …

Patch Tuesday
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in …

malware
Clever macOS malware delivery campaign targets cryptocurrency users

Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorded Future’s researchers are …

Microsoft Recall
Microsoft delays Windows Recall rollout, more security testing needed

Microsoft is delaying the release of Recall, a controversial Windows 11 feature that will allow users to search their computer for specific content that has previously been …

PHP
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …

Microsoft Recall
Windows Recall will be opt-in and the data more secure, Microsoft says

The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature …

Don't miss

Cybersecurity news