Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

December 6, 2024 at 06:47PM Acros Security has identified an unpatched NTLM vulnerability in Windows 7 and later versions, allowing potential theft of user credentials through malicious files. Acros plans to release a free micropatch while awaiting Microsoft’s response. The vulnerability affects a wide range of Windows systems, prompting concerns about security amid upcoming OS …

New Windows zero-day exposes NTLM credentials, gets unofficial patch

December 6, 2024 at 11:37AM A new zero-day vulnerability allows attackers to capture NTLM credentials via malicious files in Windows Explorer, affecting all Windows versions from 7 to 11. Discovered by 0patch, the flaw lacks an official fix from Microsoft. 0patch will provide a free micropatch while users can also disable NTLM authentication. …

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

November 14, 2024 at 06:47AM A new zero-day vulnerability in Windows has been exploited by Russia, allowing execution through file deletion, drag-and-drop actions, or right-click commands.

**Meeting Takeaways:**

1. **Zero-Day Vulnerability**: A new zero-day vulnerability in Windows has been identified.
2. **Exploit Execution**:
   - The exploit can be executed through specific user actions, including:
     - …

Recurring Windows Flaw Could Expose User Credentials

October 29, 2024 at 06:05PM A recently reported 0-day vulnerability affects all Windows versions from 7 to 11, allowing attackers to capture NTLM authentication hashes via authentication coercion attacks. Discovered by ACROS Security while addressing another vulnerability, the flaw requires user interaction and could be exploited through manipulated Windows themes. Microsoft is aware and may …

Exploit released for new Windows Server “WinReg” NTLM Relay attack

October 22, 2024 at 01:33PM Public exploit code has been released for CVE-2024-43532, a vulnerability in Microsoft’s Remote Registry client that may allow attackers to downgrade authentication security. It affects Windows server versions from 2008 to 2022 and Windows 10/11, enabling potential domain takeover through NTLM authentication relay attacks. A fix has been issued. …

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability 

October 14, 2024 at 09:15AM Iran-linked APT OilRig has escalated its cyber activities targeting the United Arab Emirates and the Gulf region, exploiting recent vulnerabilities in the Windows kernel, according to a report by SecurityWeek.

**Meeting Takeaways:**

1. **APT OilRig Activity**: The threat actor group OilRig, linked to Iran, has increased its cyber operations targeting …

Novel Exploit Chain Enables Windows UAC Bypass

September 27, 2024 at 03:44PM Researchers have identified a medium-severity vulnerability in Windows, labeled as CVE-2024-6769, which could enable an authenticated attacker to gain full system privileges. Fortra’s proof-of-concept exploit showcases the capability to shut down the system and manipulate critical files, despite Microsoft’s stance that it falls under acceptable security boundaries. The vulnerability allows …

‘Void Banshee’ Exploits Second Microsoft Zero-Day

September 16, 2024 at 06:11PM Microsoft disclosed a zero-day vulnerability, CVE-2024-43461, in its legacy MSHTML browser engine affecting all supported Windows versions. Remote attackers can exploit it to execute arbitrary code, requiring a victim to visit a malicious site. This flaw, part of an attack chain with CVE-2024-38112, was exploited by the “Void Banshee” group. …

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

September 16, 2024 at 07:39AM Microsoft identified and addressed a high-severity CVE-2024-43461 security flaw through September 2024 updates, following its exploitation as a zero-day in Internet Explorer. This spoofing bug in MSHTML can execute arbitrary code when a user interacts with a malicious page or file. It was part of an attack chain exploited by …

Microsoft fixes Windows Smart App Control zero-day exploited since 2018

September 10, 2024 at 02:15PM Microsoft has resolved a zero-day exploit in Windows Smart App Control and SmartScreen, labeled as CVE-2024-38217, that threat actors have been exploiting since at least 2018. The vulnerability allowed them to bypass security features and launch untrusted files. Elastic Security Labs has detected and reported the flaw, and Microsoft is …