Collaborate Disseminate
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP,… Continue reading WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a patch is availa… Continue reading August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they not… Continue reading PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)
Trend Micro announced Trend Vision One – Endpoint Security, the latest offering in its next-generation cybersecurity platform, which unifies prevention, detection, and response for user endpoints, servers, cloud workloads, and data centers. This soluti… Continue reading Trend Vision One empowers organizations to safeguard their cloud workloads
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices. Continue reading Apple & Microsoft Patch Tuesday, July 2023 Edition
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed … Continue reading Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomwa… Continue reading Law firms under cyberattack
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusi… Continue reading June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro. As a result, cloud security and the foundational practices of their team… Continue reading Incorporating cloud security teams into the SOC enhances operational efficiencies
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers. Continue reading Service Rents Email Addresses for Account Signups