exploits – Page 5 – Experimental News Clipping Site

The Register: Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

Dec 6, 2024

—

by

Source URL: https://www.theregister.com/2024/12/06/opatch_zeroday_microsoft/ Source: The Register Title: Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ Feedly Summary: Microsoft’s OS sure loves throwing your creds at remote systems Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users’ OS account…

CSA: AI-Enhanced Penetration Testing: Redefining Red Teams

Dec 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloudsecurityalliance.org/blog/2024/12/06/ai-enhanced-penetration-testing-redefining-red-team-operations Source: CSA Title: AI-Enhanced Penetration Testing: Redefining Red Teams Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the transformative role of Artificial Intelligence (AI) in enhancing penetration testing practices within cybersecurity. It highlights how AI addresses the limitations of traditional methods, offering speed, scalability, and advanced detection of vulnerabilities.…

The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Dec 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/ Source: The Register Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Feedly Summary: Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive…

Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

The Register: T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/ Source: The Register Title: T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’ Feedly Summary: Security chief talks to El Reg as Feds urge everyone to use encrypted chat interview While Chinese-government-backed spies maintained access to US telecommunications providers’ networks for months…

Embrace The Red: DeepSeek AI: From Prompt Injection To Account Takeover

Nov 29, 2024

—

by

system automation

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/ Source: Embrace The Red Title: DeepSeek AI: From Prompt Injection To Account Takeover Feedly Summary: About two weeks ago, DeepSeek released a new AI reasoning model, DeepSeek-R1-Lite. The news quickly gained attention and interest across the AI community due to the reasoning capabilities the Chinese lab announced. However, whenever there is a…

The Register: Zabbix urges upgrades after critical SQL injection bug disclosure

Nov 29, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…

Microsoft Security Blog: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

Nov 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/ Source: Microsoft Security Blog Title: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON Feedly Summary: At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack…

The Register: The only thing worse than being fired is scammers fooling you into thinking you’re fired

Nov 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/ Source: The Register Title: The only thing worse than being fired is scammers fooling you into thinking you’re fired Feedly Summary: Scumbags play on victims’ worst fears in phishing campaign referencing UK Employment Tribunal A current phishing campaign scares recipients into believing they’ve been sacked, when in reality they’ve been hacked –…

Hacker News: RomCom exploits Firefox and Windows zero days in the wild

Nov 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ Source: Hacker News Title: RomCom exploits Firefox and Windows zero days in the wild Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed analysis of critical zero-day vulnerabilities discovered in Mozilla products, specifically Firefox, Thunderbird, and the Tor Browser, which are being exploited by a Russia-aligned cyber…

Tag: exploits