159-CVE January Patch Tuesday smashes single-month record
Credit to Author: Angela Gunn| Date: Wed, 15 Jan 2025 03:09:41 +0000
Brace yourselves… and consider reading your email in plaintext for now
Read MoreComputer Security Articles
RSS Reader for Computer Security Articles
Author: admin
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR
Credit to Author: Stephen Carbery| Date: Tue, 14 Jan 2025 00:00:00 +0000
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.
Read MoreMicrosoft: Happy 2025. Here’s 161 Security Updates
Credit to Author: BrianKrebs| Date: Tue, 14 Jan 2025 22:50:00 +0000
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Read MoreThe ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says
Credit to Author: Matt Burgess, Lily Hay Newman| Date: Tue, 14 Jan 2025 09:00:00 +0000
Huione Guarantee, a gray market researchers believe is central to the online scam ecosystem, now includes a messaging app, stablecoin, and crypto exchange—while facilitating $24 billion in transactions.
Read MoreInsurance company accused of using secret software to illegally collect and sell location data on millions of Americans
An insurance company is accused of unlawfully collecting, using, and selling location data from millions of people’s cell phones.
Read MoreAnalyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions
Credit to Author: Microsoft Threat Intelligence| Date: Mon, 13 Jan 2025 17:00:00 +0000
Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations.
The post Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions appeared first on Microsoft Security Blog.
Read More3 takeaways from red teaming 100 generative AI products
Credit to Author: Blake Bullwinkel and Ram Shankar Siva Kumar| Date: Mon, 13 Jan 2025 16:00:00 +0000
Since 2018, Microsoft’s AI Red Team has probed generative AI products for critical safety and security vulnerabilities. Read our latest blog for three lessons we’ve learned along the way.
The post 3 takeaways from red teaming 100 generative AI products appeared first on Microsoft Security Blog.
Read MoreInside the Black Box of Predictive Travel Surveillance
Credit to Author: Caitlin Chandler| Date: Mon, 13 Jan 2025 10:00:00 +0000
Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe—and who’s a threat.
Read More