Tag Microsoft

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

New Chrome Zero-Day Vulnerability Under Active Exploitation—Update Your Browser Immediately March 3, 2021 In a critical update, Google has announced the release of patches for a newly identified zero-day vulnerability within its Chrome web browser, which is reportedly being actively targeted by attackers. This follows just a month after the…

Read More

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Discovered in Microsoft Exchange On March 3, 2021, Microsoft announced emergency patches to address four critical security vulnerabilities in its Exchange Server. These vulnerabilities, which were previously undisclosed, are reportedly being exploited by a state-sponsored threat actor from China, leading to significant concerns regarding…

Read More

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

NSA Identifies New Vulnerabilities in Microsoft Exchange Servers

April 14, 2021

In its April update, Microsoft addressed a total of 114 security vulnerabilities, including one actively exploited zero-day flaw and four remote code execution issues within Exchange Server. Among these vulnerabilities, 19 are classified as Critical, 88 as Important, and one as Moderate. Notably, CVE-2021-28310 is a privilege escalation vulnerability within Win32k, currently under active exploitation, allowing attackers to execute malicious code and gain elevated privileges on affected systems. Cybersecurity firm Kaspersky, which reported the flaw to Microsoft in February, connected the zero-day exploit to the Bitter APT group, known for utilizing a similar vulnerability (CVE-2021-1732) in attacks last year. “This is an escalation of privilege (EoP) exploit likely used in conjunction with other browser exploits to bypass sandboxes or obtain system privileges for further access,” explained Kaspersky researcher Boris Larin.

NSA Uncovers New Vulnerabilities Impacting Microsoft Exchange Servers April 14, 2021 In a recent wave of updates, Microsoft addressed a total of 114 security vulnerabilities, prominent among them being a zero-day exploit and multiple remote code execution issues affecting Microsoft Exchange Servers. This April patch release is significant, as it…

Read More

NSA Identifies New Vulnerabilities in Microsoft Exchange Servers

April 14, 2021

In its April update, Microsoft addressed a total of 114 security vulnerabilities, including one actively exploited zero-day flaw and four remote code execution issues within Exchange Server. Among these vulnerabilities, 19 are classified as Critical, 88 as Important, and one as Moderate. Notably, CVE-2021-28310 is a privilege escalation vulnerability within Win32k, currently under active exploitation, allowing attackers to execute malicious code and gain elevated privileges on affected systems. Cybersecurity firm Kaspersky, which reported the flaw to Microsoft in February, connected the zero-day exploit to the Bitter APT group, known for utilizing a similar vulnerability (CVE-2021-1732) in attacks last year. “This is an escalation of privilege (EoP) exploit likely used in conjunction with other browser exploits to bypass sandboxes or obtain system privileges for further access,” explained Kaspersky researcher Boris Larin.

Microsoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…

Read MoreMicrosoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Harvester APT Expands Surveillance Efforts with New GoGra Linux Malware

A nation-state-sponsored Advanced Persistent Threat (APT) group known as Harvester has allegedly developed a new backdoor dubbed GoGra, designed to infiltrate and monitor Linux systems in India and Afghanistan. This group has been active since at least June 2021 and initially targeted Windows platforms primarily across South Asia, but recent…

Read MoreHarvester APT Expands Surveillance Efforts with New GoGra Linux Malware

Yesterday’s Vulnerabilities Are Tomorrow’s Challenges

June 03, 2021

Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.

With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.

Recurring Vulnerabilities: A Persistent Challenge in Cybersecurity June 3, 2021 Software vulnerabilities continue to plague organizations across the globe, as evidenced by the fact that Microsoft has addressed between 55 and 110 vulnerabilities every month this year. Alarmingly, 7% to 17% of these identified vulnerabilities have been classified as critical,…

Read More

Yesterday’s Vulnerabilities Are Tomorrow’s Challenges

June 03, 2021

Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.

With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.

Microsoft Falls Victim to Cyber Attack

Feb 23, 2013

Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…

Microsoft Falls Victim to Cyber Attack Date: February 23, 2013 In a significant cybersecurity breach, Microsoft has confirmed that it has become the latest target of a sophisticated cyber attack, affecting a limited number of its computers, including those within its Mac software division. The company reported that these systems…

Read More

Microsoft Falls Victim to Cyber Attack

Feb 23, 2013

Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…

Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website

On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”

Security Flaw in Microsoft Edge Could Have Exposed User Data Across Websites June 28, 2021 Microsoft recently issued updates to its Edge browser addressing two critical security vulnerabilities. Among these is a significant security bypass flaw that has raised concerns regarding the potential for malicious actors to inject and execute…

Read More

Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website

On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Researchers Disclose PoC Exploit for Critical Windows RCE Vulnerability On June 30, 2021, news emerged regarding the brief online availability of a proof-of-concept (PoC) exploit linked to a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service. This vulnerability, cataloged as CVE-2021-1675, was identified as potentially allowing…

Read More

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.