Login
Karakurt, a particularly nasty extortion gang that uses "extensive harassment" to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, pose a "significant challenge" for network defenders, we're told.β¦
Sponsored Post Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack Challenge is a great way of combining festive fun and learning. Who knows, the skills you acquire this holiday season might even help you foil a nefarious hacker at Yuletide next year.β¦
Webinar In China, clouds are a symbol of luck. See multiple layering of clouds in a blue sky can mean you are in line to receive eternal happiness.β¦
Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database.β¦
Sponsored Feature Most experts agree cybersecurity is now so complex that managing it has become a security problem in itself.β¦
Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel's NSO should be considered cyber mercenaries β and become the subject of a concerted international response β according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF).β¦
It's the last Patch Tuesday of 2023, which calls for celebration βΒ just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.β¦
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known βzero-dayβ threats targeting any of the vulnerabilities in Decemberβs patch batch. Still, four of the updates pushed out today address βcriticalβ vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.
Among the critical bugs quashed this month is CVE-2023-35628, a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. Kevin Breen, senior director of threat research at Immersive Labs, said the flaw affects MSHTML, a core component of Windows that is used to render browser-based content. Breen notes that MSHTML also can be found in a number of Microsoft applications, including Office, Outlook, Skype and Teams.
βIn the worst-case scenario, Microsoft suggests that simply receiving an email would be enough to trigger the vulnerability and give an attacker code execution on the target machine without any user interaction like opening or interacting with the contents,β Breen said.
Another critical flaw that probably deserves priority patching is CVE-2023-35641, a remote code execution weakness in a built-in Windows feature called the Internet Connection Sharing (ICS) service that lets multiple devices share an Internet connection. While CVE-2023-35641 earned a high vulnerability severity score (a CVSS rating of 8.8), the threat from this flaw may be limited somewhat because an attacker would need to be on the same network as the target. Also, while ICS is present in all versions of Windows since Windows 7, it is not on by default (although some applications may turn it on).
Satnam Narang, senior staff research engineer at Tenable, notes that a number of the non-critical patches released today were identified by Microsoft as βmore likely to be exploited.β For example, CVE-2023-35636, which Microsoft says is an information disclosure vulnerability in Outlook. An attacker could exploit this flaw by convincing a potential victim to open a specially crafted file delivered via email or hosted on a malicious website.
Narang said what makes this one stand out is that exploitation of this flaw would lead to the disclosure of NTLM hashes, which could be leveraged as part of an NTLM relay or βpass the hashβ attack, which lets an attacker masquerade as a legitimate user without ever having to log in.
βIt is reminiscent of CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook that was exploited in the wild as a zero day and patched in the March 2023 Patch Tuesday release,β Narang said. βHowever, unlike CVE-2023-23397, CVE-2023-35636 is not exploitable via Microsoftβs Preview Pane, which lowers the severity of this flaw.β
As usual, the SANS Internet Storm Center has a good roundup on all of the patches released today and indexed by severity. Windows users, please consider backing up your data and/or imaging your system before applying any updates. And feel free to sound off in the comments if you experience any difficulties as a result of these patches.
An ex-First Republic Bank cloud engineer was sentenced to two years in prison for causing more than $220,000 in damage to his former employer's computer network after allegedly using his company-issued laptop to watch pornography.β¦
There was only one US Air National Guardsman behind the leak of top-secret US military documents on Discord, but his chain of command bears some responsibility for letting it happen on their watch.β¦
An official review of the Police Service of Northern Ireland's (PSNI) August data breach has revealed the full extent of the impact on staff.β¦
BlackBerry has decided its plan to split into two separate companies is not a good idea and will instead reorganize itself into two independent divisions.β¦
Hundreds of suspected people smugglers have been arrested, and 163 potential victims rescued from servitude, as part of an Interpol-coordinated operation dubbed "Turquesa V" that targeted cyber criminals who lure workers into servitude to carry out their scams.β¦
FreshRSS 