Collaborate Disseminate
Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. Continue reading Microsoft: Attackers Exploiting Windows Zero-Day Flaw
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Continue reading Windows Zero-Day Still Circulating After Faulty Fix
SandboxEscaper has released her latest local privilege-escalation exploit for Windows. Continue reading Windows Zero-Day Drops on Twitter, Developer Promises 4 More
These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Continue reading Bad Actors Sizing Up Systems Via Lightweight Recon Malware
Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON. Continue reading Windows SMB Zero Day to Be Disclosed During DEF CON
The latest ShadowBrokers dump includes exploits that allowed the NSA to target SWIFT data managed by outsourced service bureaus in the Middle East. Continue reading ShadowBrokers Expose NSA Access to SWIFT Service Bureaus