vulnerabilities – Page 11 – WindowsTechs.com

Approach to mainframe penetration testing on z/OS

Posted on August 20, 2024 by Denis Stepanov, Alexander Korotin

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems. Continue reading Approach to mainframe penetration testing on z/OS→

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities

Posted on August 20, 2024 by Ionut Arghire

Multiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges.
The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities appeared first on Security… Continue reading Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities →

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

Posted on August 20, 2024 by Matias Madou

For years, many CISOs have struggled to influence their development cohort on the importance of putting security first.
The post How Exceptional CISOs Are Igniting the Security Fire in Their Development Team appeared first on SecurityWeek.
Continue reading How Exceptional CISOs Are Igniting the Security Fire in Their Development Team→

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus

Posted on August 20, 2024 by Ionut Arghire

F5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus.
The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek.
Continue reading F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus→

New Windows IPv6 Zero-Click Vulnerability

Posted on August 16, 2024 by Bruce Schneier

The press is reporting a critical Windows vulnerability affecting IPv6.

As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets.

Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.”

Details are being withheld at the moment. Microsoft strongly recommends …

Continue reading New Windows IPv6 Zero-Click Vulnerability→

SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

Posted on August 16, 2024 by Ionut Arghire

The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.
The post SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day appeared first on SecurityWeek.
Continue reading SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day→

Copy2Pwn Zero-Day Exploited to Bypass Windows Protections

Posted on August 16, 2024 by Eduard Kovacs

ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
The post Copy2Pwn Zero-Day Exploited to Bypass Windows Protections appeared first on SecurityWeek.
Continue reading Copy2Pwn Zero-Day Exploited to Bypass Windows Protections→

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

Posted on August 15, 2024 by Ryan Naraine

Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.
The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared … Continue reading Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw→

GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories

Posted on August 15, 2024 by Ionut Arghire

Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories.
The post GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories appeared first on Secu… Continue reading GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories→

Zero trust: How the ‘Jia Tan’ hack complicated open-source software

Posted on August 15, 2024 by Christian Vasquez

The volunteers that maintain open-source software have always been knocked around by the tech community. The Jia Tan hack made it all so much worse.

The post Zero trust: How the ‘Jia Tan’ hack complicated open-source software appeared first on CyberScoop.

Continue reading Zero trust: How the ‘Jia Tan’ hack complicated open-source software→