Maximum severity Flowmon bug has a public exploit, patch now

April 24, 2024 at 04:12PM Proof-of-concept exploit code for a critical security vulnerability in Progress Flowmon, used by over 1,500 companies worldwide, including SEGA and Volkswagen, has been released. The flaw, with a severity score of 10/10, allows remote unauthenticated access and arbitrary command execution. Progress Software urged all system admins to update to versions 12.3.4 …

China-Linked Threat Actor Taps ‘Peculiar’ Malware to Evade Detection

April 2, 2024 at 07:08PM UNAPIMON meticulously disables hooks in Windows APIs to prevent the detection of malicious processes. Based on the meeting notes provided, it seems that UNAPIMON operates by systematically disabling hooks in Windows APIs that are used for identifying potentially harmful processes. This implies that UNAPIMON is designed to disrupt traditional methods …

‘GhostRace’ Speculative Execution Attack Impacts All CPU, OS Vendors

March 15, 2024 at 05:14PM The new GhostRace exploit, similar to Spectre, allows attackers to access sensitive information from system memory and perform malicious actions. Based on the meeting notes, it seems that the discussion was about the new GhostRace exploit, which, similar to Spectre, poses a threat by allowing attackers to access sensitive information …

New Windows Event Log zero-day flaw gets unofficial patches

February 1, 2024 at 10:42AM Free unofficial patches are available for the Windows zero-day flaw, EventLogCrasher, impacting all versions from Windows 7 to Windows 11 and server editions. The vulnerability allows attackers to remotely crash the Event Log service, impacting Security Information and Event Management systems. 0patch has launched micropatches for affected systems until an …

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

December 18, 2023 at 03:52PM Four vulnerabilities, including a critical one, were found in the Perforce Helix Core Server, a widely used source code management platform. Discovered by Microsoft analysts, flaws included denial of service issues and remote code execution by unauthenticated attackers. Users are urged to upgrade to version 2023.1/2513900 to mitigate risk and …