Recent Security News
-
New Reptar CPU flaw impacts Intel desktop and server systems
November 14, 2023 at 06:20PM Intel has fixed a high-severity CPU vulnerability that affects modern desktop, server, mobile, and embedded CPUs, including the latest microarchitectures. The flaw, known as CVE-2023-23583, allows attackers to escalate privileges, access sensitive information, or cause denial of service. Intel recommends updating affected processors with the latest microcode and provides mitigation…
-
Danish Energy Attacks Portend Targeting More Critical Infrastructure
November 14, 2023 at 05:49PM In May, Danish energy sector organizations were targeted in a series of attacks, possibly linked to the Russian Sandworm APT. Attackers exploited vulnerabilities in Zyxel firewall devices, including two zero-days, to gain access to industrial machinery and isolate some targets from the national grid. Cybercriminal groups are also increasingly targeting…
-
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
November 14, 2023 at 05:49PM Microsoft released a November update with 63 bug fixes, including three actively exploited zero-day vulnerabilities. One of the bugs, CVE-2023-36036, allows attackers to acquire system-level privileges through Windows Cloud Files Mini Filter Driver. CVE-2023-36033 provides system-level access through the Windows DWM Core Library, and CVE-2023-36025 allows attackers to bypass Windows…
-
HARmor Cleans, Sanitizes, Encrypts HAR Files
November 14, 2023 at 04:51PM Frontegg has released an open source tool called HARmor to help secure HTTP Archive (HAR) files from unauthorized access. HAR files are commonly used by developers and support teams for debugging, performance analysis, and investigating security vulnerabilities of web applications. HAR files can contain sensitive data, making them potential targets…
-
VMWare discloses critical VCD Appliance auth bypass with no patch
November 14, 2023 at 04:47PM VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. The vulnerability only affects certain versions of the appliance and can be exploited remotely without user interaction. While no patch is available, VMware has provided a temporary workaround that does not disrupt functionality or require downtime. After…