Found 15 bookmarks
Custom sorting
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system.
·securityweek.com·
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.
·theregister.com·
CrowdStrike blames a test software bug for Windows wipeout
No Way, PHP Strikes Again! (CVE-2024-4577)
No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug
·labs.watchtowr.com·
No Way, PHP Strikes Again! (CVE-2024-4577)
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. #APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
·bleepingcomputer.com·
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
What a Cluster: Local Volumes Vulnerability in Kubernetes
What a Cluster: Local Volumes Vulnerability in Kubernetes
  • Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
·akamai.com·
What a Cluster: Local Volumes Vulnerability in Kubernetes
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns. The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function. In some regards, the vulnerability is like CVE-2023-3676, a lack of sanitization in the subPath parameter in YAML files leading to code injection when creating pods with volumes.
·securityweek.com·
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
If you ever troubleshooted anything on Windows or investigated a suspicious event, you know that Windows store various types of events in Windows Event Log. An application crashed and you want to know more about it? Launch the Event Viewer and check the Application log. A service behaving strangely? See the System log. A user account got unexpectedly blocked? The Security log may reveal who or what blocked it. All these events are getting stored to various logs through the Windows Event Log service. Unsurprisingly, this service's description says: "Stopping this service may compromise security and reliability of the system." The Windows Event Log service performs many tasks. Not only is it responsible for writing events coming from various source to persistent file-based logs (residing in %SystemRoot%\System32\Winevt\Logs), it also provides structured access to these stored events through applications like Event Viewer. Furthermore, this service also performs "event forwarding" if you want your events sent to a central log repository like Splunk or Sumo Logic, an intrusion detection system or a SIEM server. Therefore, Windows Event Log service plays an important role in many organizations' intrusion detection and forensic capabilities. And by extension, their compliance check boxes.
·blog.0patch.com·
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It