Experimental News Clipping Site

Tag: privilege escalation

  • Hacker News: Researchers have identified a total of 6 vulnerabilities in rsync

    by

    Kurt Seifried
    in

    Source URL: https://www.openwall.com/lists/oss-security/2025/01/14/3 Source: Hacker News Title: Researchers have identified a total of 6 vulnerabilities in rsync Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses multiple vulnerabilities identified in the rsync software, including a critical heap buffer overflow that allows arbitrary code execution with minimal access rights. This communication is especially…

  • The Register: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/ Source: The Register Title: Microsoft fixes under-attack privilege-escalation holes in Hyper-V Feedly Summary: Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve…

  • Krebs on Security: Microsoft: Happy 2025. Here’s 161 Security Updates

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/01/microsoft-happy-2025-heres-161-security-updates/ Source: Krebs on Security Title: Microsoft: Happy 2025. Here’s 161 Security Updates Feedly Summary: Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day" weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company…

  • Cisco Talos Blog: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/january-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and…

  • The Register: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/ Source: The Register Title: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug Feedly Summary: This is what happens when you publish PoCs immediately “Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.… AI Summary and Description: Yes Summary: The text discusses a…

  • The Register: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/ Source: The Register Title: Zero-day exploits plague Ivanti Connect Secure appliances for second year running Feedly Summary: Factory resets and apply patches is the advice amid fortnight delay for other appliances The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts “seriously" as Ivanti battles two…

  • Cisco Talos Blog: Exploring vulnerable Windows drivers

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/ Source: Cisco Talos Blog Title: Exploring vulnerable Windows drivers Feedly Summary: This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about  malicious Windows drivers. AI Summary and Description: Yes Summary: The text provides an…

  • Hacker News: The Qualcomm DSP Driver – Unexpectedly Excavating an Exploit

    by

    system automation
    in

    Source URL: https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html Source: Hacker News Title: The Qualcomm DSP Driver – Unexpectedly Excavating an Exploit Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed technical analysis of multiple security vulnerabilities discovered in the adsprpc driver utilized in Qualcomm chips. Highlighting vulnerabilities that have direct implications for the security of…

  • Cloud Blog: XRefer: The Gemini-Assisted Binary Navigator

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/ Source: Cloud Blog Title: XRefer: The Gemini-Assisted Binary Navigator Feedly Summary: Written by: Muhammad Umair Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triages on binaries, where every hour saved is critical to incident response timelines. At…

  • Hacker News: The report for the 2024 security audit of the Mullvad app is now available

    by

    system automation
    in

    Source URL: https://mullvad.net/en/blog/the-report-for-the-2024-security-audit-of-the-app-is-now-available Source: Hacker News Title: The report for the 2024 security audit of the Mullvad app is now available Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a comprehensive security audit conducted on the Mullvad VPN app, highlighting findings related to vulnerabilities, overall security posture, and remediation actions taken.…