CrowdStrike has shared details on the Spyboy Terminator EDR killer. CrowdStrike is one of the EDRs, alongside the likes of Microsoft Defender, Avast, and more, that can be disabled by the evasion tool.
Security vulnerability RSS
Microsoft recently began patching UEFI bootkit vulnerabilities with this month's Patch Tuesday update. The company has now released a helpful guide about blocking such Windows boot managers.
Microsoft has released details on how it plans to protect against unsupported, unpatched, vulnerable Exchange Servers. The tech giant says that it will throttle and eventually block mail from such servers.
An AMD fTPM side channel security flaw dubbed "faulTPM" has been discovered by researchers. This security bug can even bypass BitLocker and it affects modern Windows 11-supported Ryzen chips.
Microsoft has issued PowerShell scripts for multiple security vulnerabilities on Windows 11 and Windows 10. These are for speculative side channel attack CPU flaws, thirteen in total.
Microsoft has published some helpful guidance against the BlackLotus UEFI bootkit vulnerability that can bypass Secure Boot, VBS, BitLocker, Windows Defender, and more to infect updated Windows PCs.
Microsoft has released a couple of PowerShell scripts to address a BitLocker bypass security vulnerability issue. In its bulletin, the company has explained the differences between the two scripts.
BlackLotus, which is a bootkit, has been doing the rounds on the internet since last year. This bootkit is capable of bypassing Secure Boot, disabling BitLocker, Microsoft Defender, and more.
AMD has advised users to update Ryzen Master as it was vulnerable to a high severity flaw. This follows an earlier report today that the company's CPUs have begun exhibiting fTPM stutters on Linux.
Microsoft has formally announced that it has deprecated MSDT and its related troubleshooters. The company has explained in a document how the retirement is going to be a gradual phase out.
CISA has released a data recovery script dubbed "ESXiArgs-Recover" in order to help users who have been affected by the massive worldwide ESXiArgs ransomware server attacks on VMware's vSphere.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
Microsoft Defender, AVG, Avast, and more, were found vulnerable to a new zero-day security exploit through which harmless files, even system files, could be deleted using the anti-virus.
AMD has shared details about a Spectre Variant 2 vulnerability that affects almost all AMD Ryzen, Athlon, and EPYC systems. The security flaw is patched in the latest Patch Tuesday updates.
ESET has discovered another set of security vulnerabilities on Windows 11 and 10 Lenovo laptops. These allow attackers to disable Secure Boot. A list of vulnerable device models has been published.
Today, Microsoft has issued important security fixes to address DoS vulnerabilities affecting .NET Core and Visual Studio. The patches are available via .NET 6.0.9 and .NET Core 3.1.29.
HP has warned that it has discovered a new high severity privilege escalation vulnerability inside its own Support Assistant software utility. The company has also issued a fix for the security flaw.
Twitter's former head of security, Peiter Zatko, alleged in a whistleblower complaint that Twitter has major security problems that pose a threat to its own users' personal information.
Apple has released small updates for its iPhone, iPad, and Mac devices. macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 address security vulnerabilities that exist within the Kernel and WebKit.
Modern Intel processors consisting of 10th Gen, 11th Gen and 12th Gen CPUs have been found to be vulnerable to a new "ÆPIC" security flaw. The vulnerability is able to exploit Intel's APIC MMIO.
AMD Zen-based processors with Simultaneous Multi-threading (SMT) like Ryzen, Threadripper, EPYC, and Athlon CPUs have been found to be vulnerable to a new “SQUIP” side-channel attack.
Microsoft's Threat Intelligence Center (MSTIC) claims it caught an Austrian company selling spyware called Subzero. The malware relied on zero-day vulnerabilities, which have been patched.
QNAP has issued a patch for a security vulnerability that could affect certain configurations of its NAS drives. The flaw resides in the part of PHP that deals with FPM. It can allow remote code execution.
Several Intel CPUs from different generations have been found to be susceptible to new processor vulnerabilities related to MMIO Stale Data. Microsoft and Intel have published advisories about it.
Microsoft released two small updates for the Chromium-based Edge browser over the weekend. The latest update addresses a bug that prevented PDF files from being printed using the browser.
Following the recent Follina security vulnerability, another Microsoft Support Diagnostic Tool (MSDT) bug has been found called "DogWalk". This one too has been ignored by Microsoft at first glance.
Nearly all Android smartphones and devices packing MediaTek or Qualcomm with a Security Patch dated prior to December 2021 remain vulnerable to an RCE security bug that can allow eavesdropping.
Several popular Lenovo consumer models, including IdeaPad, Legion, and more, have been found to be vulnerable to UEFI firmware security bugs. The vulnerabilities can lead to privilege escalation.
The infamous Hafnium group which successfully targeted on-premises Microsoft Exchange servers is now going after Windows using Tarrask malware which evades detection by cleaning its activities.
Google has released Chrome v99.0.4844.84 to the Stable Channel. The update for the web browser is available for all desktop OSes and includes a security fix for a vulnerability rated 'High'.
An unofficial patch is out for a Windows LPE security vulnerability under "CVE-2021-34484", one that was supposedly fixed twice by Microsoft via its Patch Tuesday updates, but apparently was not.
Intel and ARM are vulnerable to the Spectre-BHB flaw, but AMD is apparently troubled by Spectre v2, which it should have fixed back in 2018. AMD has now issued a new fix for the CVE-2017-5715 bug.
Mozilla has released Firefox v97.0.2. It's an out-of-band security update to patch two "Critical" security flaws that are being exploited in the wild. These 0-Days rely on the 'Use-after-free' bug.
Linux is a lot safer than Windows, macOS, and others because open-source programmers are racing to fix security vulnerabilities in record time, claim security researchers at Google's Project Zero.
Firmware security research firm Binarly has revealed that it discovered nearly two dozen vulnerabilities in InsydeH2O UEFI used by several vendors like Microsoft, Intel, Dell, HP, and more.
ESET has released updated builds for a whole bunch of its products on Windows. These updated product builds fix a local privilege escalation (LPE) vulnerability that the firm learned about last year.
An LPE security vulnerability under the ID CVE-2021-4034 was found by Linux security researchers at Qualys. The bug has been present for 12+ years and almost every major Linux distro is vulnerable.
Microsoft has discovered a macOS security vulnerability inside TCC that can allow an attacker to gain control over a Mac's various settings. A patch is already out via macOS Monterey 12.1.
HP has issued a list of its printers that are vulnerable to a new "Critical" buffer overflow bug that can lead to exploitation. Fortunately, patched firmware for these models has also been released.
AMD has published a long list of security bugs and exploits that its Windows 10 graphics driver was susceptible to. Thankfully for Radeon GPU owners, these exploits have since been patched.