New Windows Themes zero-day gets free, unofficial patches

Windows Themes zero-day bug exposes users to NTLM credential theft

itsecuritynews.info - 30/Oct 22:04

Plus a free micropatch until Redmond fixes the flaw There’s a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal...

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

itsecuritynews.info - 13:15

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’...

Critical Flaw in Open Policy Agent Exposed NTLM Credentials, Patch Released

itsecuritynews.info - 23/Oct 20:34

A now-resolved security vulnerability in Styra’s Open Policy Agent (OPA) could have exposed New Technology LAN Manager (NTLM) hashes, potentially...

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

bleepingcomputer.com - 23/Oct 15:05

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to...

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

itsecuritynews.info - 22/Oct 14:34

Details have emerged about a now-patched security flaw in Styra’s Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage...

Exploit released for new Windows Server "WinReg" NTLM Relay attack

bleepingcomputer.com - 22/Oct 17:26

Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a...

Lazarus rises again … targeting cryptocurrency

it-online.co.za - 25/Oct 08:58

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered a sophisticated malicious campaign by the Lazarus advanced persistent threat...

Samsung zero-day flaw actively exploited in the wild

securityaffairs.co - 22/Oct 15:41

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis...

New version of Android malware FakeCall redirects bank calls to scammers

securityaffairs.co - 31/Oct 00:52

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds....

Gitlab fixes CVE-2024-8312 and CVE-2024-6826

thecyberthrone.in - 25/Oct 08:17

GitLab has released patches for two vulnerabilities affecting multiple versions of its Community Edition (CE) and Enterprise Edition (EE) software....

Rubriques :