Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below –
CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 11:06:342024-08-08 11:06:34Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
“The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,
A security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 11:06:332024-08-08 11:06:33Researcher Discovers Downgrade Attack Abusing Windows Update Process
Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 11:06:332024-08-08 11:06:33Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
Roundcube’s vulnerabilities (CVE-2024-42009, CVE-2024-42008) allow attackers to compromise email accounts easily. The two cross-site scripting flaws could lead to the theft of emails, contacts, and passwords, and the sending of unauthorized emails.
A flaw in Microsoft 365’s anti-phishing feature allows attackers to hide the ‘First Contact Safety Tip’ warning in Outlook emails using CSS, increasing the risk of users falling for malicious emails.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 10:06:332024-08-08 10:06:33Microsoft 365 Anti-Phishing Feature can be Bypassed with CSS
The Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 09:08:062024-08-08 09:08:06Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million.
That’s according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
“BlackSuit actors have exhibited a willingness to negotiate payment amounts,” the
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 07:07:052024-08-08 07:07:05FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest.
The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
“The
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-08 07:07:052024-08-08 07:07:05Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
/in General NewsMicrosoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below –
CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS
The Hacker News – Read More
New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
/in General NewsCybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
“The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,
The Hacker News – Read More
Researcher Discovers Downgrade Attack Abusing Windows Update Process
/in General NewsA security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.
Cyware News – Latest Cyber News – Read More
Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
/in General NewsHacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.
Security Latest – Read More
Roundcube Flaws Allow Easy Email Account Compromise (CVE-2024-42009, CVE-2024-42008)
/in General NewsRoundcube’s vulnerabilities (CVE-2024-42009, CVE-2024-42008) allow attackers to compromise email accounts easily. The two cross-site scripting flaws could lead to the theft of emails, contacts, and passwords, and the sending of unauthorized emails.
Cyware News – Latest Cyber News – Read More
Microsoft 365 Anti-Phishing Feature can be Bypassed with CSS
/in General NewsA flaw in Microsoft 365’s anti-phishing feature allows attackers to hide the ‘First Contact Safety Tip’ warning in Outlook emails using CSS, increasing the risk of users falling for malicious emails.
Cyware News – Latest Cyber News – Read More
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers
/in General NewsAWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts.
The post AWS Patches Vulnerabilities Potentially Allowing Account Takeovers appeared first on SecurityWeek.
SecurityWeek – Read More
Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024
/in General NewsThe Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals
The Hacker News – Read More
FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million
/in General NewsThe ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million.
That’s according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
“BlackSuit actors have exhibited a willingness to negotiate payment amounts,” the
The Hacker News – Read More
Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now
/in General NewsA critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest.
The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
“The
The Hacker News – Read More