Security News

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system in an attempt to help malware gain persistent/extended access.

One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block protocol bug that could allow an attacker to leak kernel memory remotely, without authentication. Called SMBleed and tracked as CVE-2020-1206, the vulnerability could be chained with SMBGhost, a flaw addressed in March 2020, to achieve pre-authentication remote code execution, security researchers with ZecOps reveal.

"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all." "This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34.".

The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. One of the bugs that was of particular interest to researchers was CVE-2020-1299, a remote code execution issue that arises when trying to load Windows shortcut files.

Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "Wormable" bug, the flaw can be exploited to achieve remote code execution attacks. The newly discovered vulnerability impacts Windows 10 versions 1903 and 1909, for which Microsoft today released security patches as part of its monthly Patch Tuesday updates for June.

A security researcher has published a PoC RCE exploit for SMBGhost, a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC exploit is unreliable, but could be used by malicious attackers as a starting point for creating a more effective exploit.

The application is free and open source, but he still has to pay for a code-signing certificate to avoid potential users being put off by warnings when they try to download and install. Warning or preventing users from installing unverified applications is commonplace in today's operating systems, but does Windows go too far? We counted seven steps needed to download and install the open-source audio package Ardour 6, which is both unsigned and newly released, using the latest Edge and Windows 10.

Aimed at SMBs, educational facilities, and software companies, the ransomware leverages Java to encrypt server-based files, according to BlackBerry and KPMG. Cybercriminals are always looking for new tricks and techniques to target potential victims without being caught. That's especially true of ransomware attackers who need to stealthily invade an organization's network to encrypt the sensitive files they plan to hold hostage.

Application threats and security trends you need to know aboutApplications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for themThe C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron.

Windows 10 release 2004 is out, with a slew of new features. In Windows 10 1903, it launched the Windows Sandbox, which is a lightweight desktop environment that isolates anything you run in it and wipes all its files when you close it down.