North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

October 16, 2024 at 07:45AM North Korean group ScarCruft exploited a zero-day vulnerability (CVE-2024-38178) in Windows to deploy RokRAT malware via a compromised advertising server. Users are tricked into clicking malicious links. This incident showcases ScarCruft’s evolving techniques, emphasizing the need for software updates to enhance security against such threats. ### Meeting Takeaways – October …

About the security content of iTunes 12.13.3 for Windows – Apple Support

October 13, 2024 at 02:30PM Apple released updates for iTunes 12.13.3 for Windows on September 12, 2024, addressing two vulnerabilities: CVE-2024-44193, which involves logic issues allowing privilege escalation, and CVE-2024-44157, a stack buffer overflow affecting system stability when handling malicious video files. Updates are available for Windows 10 and later. ### Meeting Notes Summary **Apple …

Microsoft Previews New Windows Feature to Limit Admin Privileges

October 10, 2024 at 03:24PM Microsoft’s new Administrator Protection feature in Windows aims to strengthen security by limiting local administrator privileges. It transforms privilege elevation into a “just-in-time” event, utilizing a temporary shadow account that disappears post-task, making it harder for attackers to exploit administrative access. This enhances overall system security and monitoring capabilities.

Microsoft issues 117 patches – some for flaws already under attack

October 8, 2024 at 07:40PM Patch Tuesday released 117 Microsoft patches, addressing serious vulnerabilities including CVE-2024-43572, a high-risk flaw allowing unauthorized code execution, and CVE-2024-43573, a moderate spoofing issue. Adobe and SAP also issued numerous updates, with notable concerns in BusinessObjects and Apache Log4j related to their respective vulnerabilities. ### Meeting Takeaways **Patch Tuesday Overview …

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

September 16, 2024 at 09:36PM Microsoft has confirmed that a recently patched Internet Explorer vulnerability, CVE-2024-43461, was exploited as a zero-day before it was fixed. The flaw allowed malicious actors to hide the true file-type extension of a downloaded file, enabling the execution of malicious code. This exploit was used by the Void Banshee gang …

CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and …

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

September 11, 2024 at 03:45AM Microsoft disclosed three new security flaws impacting the Windows platform, with 79 vulnerabilities addressed in the September 2024 Patch Tuesday update. Seven are rated Critical, 71 Important, and one Moderate. Exploited vulnerabilities include CVE-2024-38014, CVE-2024-38217, and CVE-2024-38226. Additional security updates were released by various vendors to address vulnerabilities. Based on …

Windows 10 KB5043064 update released with 6 fixes, security updates

September 10, 2024 at 02:23PM Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and 21H2, including 6 fixes and security updates fixing 142 vulnerabilities. Users can install it manually or schedule an update time. It addresses various issues, including Bluetooth and BitLocker bugs. However, there are issues with account profile pictures and …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

PoC Exploit for Zero-Click Vulnerability Made Available to the Masses

August 27, 2024 at 05:06PM Security researcher “Ynwarcs” has disclosed a zero-click vulnerability in Windows TCP/IP, known as CVE-2024-38063, allowing remote code execution on systems with IPv6 enabled. The exploit affects Windows 10, 11, and Server, with an available proof-of-concept on GitHub. Users are urged to apply Microsoft’s latest security updates promptly. Meeting Notes Summary: …