Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.

According to Microsoft, both unpatc… Continue reading Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS

The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remo… Continue reading Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS

Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS

The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remo… Continue reading Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS

Why Most Organizations Still Can’t Defend against DCShadow – Part 2

In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a fea… Continue reading Why Most Organizations Still Can’t Defend against DCShadow – Part 2

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

Update — With this month’s patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC).

A Google security res… Continue reading Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw.

BlueKeep is a highl… Continue reading Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

Why Most Organizations Still Can’t Defend against DCShadow

DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without an… Continue reading Why Most Organizations Still Can’t Defend against DCShadow

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity.

The July 2019 security updates include pat… Continue reading Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry

It’s been just over two years since WannaCry, the ransomware that exploited the EternalBlue vulnerability to infect hundreds of thousands of computers around the world and inflict an estimated $8B in damages. If history repeats itself, we’r… Continue reading NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry