December 6, 2024
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft's OS sure loves throwing your creds at remote systems Updated Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS account credentials.…
Facing sale or ban, TikTok tossed under national security bus by appeals court
Video slinger looks to Supremes for salvation, though anything could happen under Trump A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.…
Salt Typhoon forces FCC’s hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken.…
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
Threatened with life in prison, Kyiv charity worker gives middle finger to state spies A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.…
Protect your clouds
Get best practice advice on how to safeguard your cloud infrastructure from SANS Sponsored Post According to the 2024 IBM Cost of the Data Breach Report 40 percent of data breaches identified between March 2023 and February 2024 involved data stored across multiple environments, including the cloud.…
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
Still unpatched 100+ days later, watchTowr says updated A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. …
Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’
Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 has been actively targeting critical organizations and US government agencies as of yesterday, according to Redmond's threat intel team.…