Search Results for: Microsoft
Windows Smart App Control, SmartScreen bypass exploited since 2018
A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. Smart App Control is a reputation-based security feature that uses Microsoft’s app intelligence services for safety predictions and Windows’ code integrity features to identify and block untrusted (unsigned) […]
CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user […]
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017. “In […]
NVIDIA Begins Sampling Its Next-Gen AI Powerhouse, Blackwell, All Over The World, Mass Production On-Track
NVIDIA will begin sampling the first Blackwell AI accelerators across the globe this week as the firm demonstrates unparalleled performance with its next-gen architecture. NVIDIA CEO Jensen Huang Provides Update On Blackwell At The SIGGRAPH, Sampling Starts This Week, Also Reveals Several New “AI Bits” It was a delight to see NVIDIA’s CEO Jensen Huang […]
1 million HotJar users vulnerable to XSS attacks
By combining OAuth features with an age-old cross-site scripting (XSS) vulnerability, Salt Labs researchers were able to take over any account in HotJar and Business Insider online services. Because HotJar serves more than 1 million websites, including, Adobe, Microsoft, T-Mobile, and Nintendo, security pros considered the issue serious, even though many protections were layered into […]
Proofpoint settings exploited to send millions of phishing emails daily
A massive phishing campaign dubbed “EchoSpoofing” exploited now-fixed, weak permissions in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 […]
How to Make Windows 11 Look and Feel Like Windows 10
Nearly three years after it came out and a year before Windows 10 reaches its end of life, Windows 11 still accounts for only 29% of PC operating system installs, with its predecessor accounting for 66%. One reason: a lot of people don’t like the subtle changes in Windows 11’s user interface, from its bloated Start menu to its […]
Windows 11 taskbar has a hidden “End Task” feature, how to turn it on
Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar, but it’s turned off by default. How It Works When the “End Task” feature is enabled, you can right-click on an app icon in the taskbar and see an “End Task” option. When you select this option, […]
July Windows Server updates break Remote Desktop connections
Microsoft has confirmed that July’s security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. “Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. […]
Google Criticized for Abandoning Cookie Phase-Out
Google has been criticized for its decision to abandon plans to phase out third-party cookies in the Chrome browser, with privacy experts accusing the firm of prioritizing advertising revenue over user privacy. On July 22, Anthony Chavez, VP of the Privacy Sandbox initiative at Google, revealed the tech giant will no longer be deprecating third-party […]