KFC Owner Discloses Data Breach
Yum! Brands warns of fallout from January incident Read More
Why reporting an incident only makes the cybersecurity community stronger
Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting...
Latitude Financial Refuses to Pay Ransom
Breached Aussie firm says it will only embolden extorters Read More
ZDI-23-381: Microsoft Windows Remote Desktop Connection Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that...
ZDI-23-382: Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. Read More
ZDI-23-383: Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that...
ZDI-23-384: Microsoft Office Word DOCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in...
ZDI-23-385: Microsoft Office Word SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in...
ZDI-23-380: Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability. Read More
APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6
Posted by Apple Product Security via Fulldisclosure on Apr 10 APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6 macOS Big Sur 11.7.6 addresses the following issues. Information about...