September 2023 - Page 37 of 87 - Cyber Security News

ZDI-23-1445: Microsoft Windows UMPDDrvRealizeBrush Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...

September 19, 2023

Advisories

ZDI-23-1446: Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that...

September 19, 2023

Advisories

ZDI-23-1447: Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. Read More

September 19, 2023

Advisories

ZDI-23-1448: Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. Read More

September 19, 2023

Advisories

CVE-2022-28357 (nats-server)

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. Read More

September 19, 2023

News

Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking...

September 19, 2023

Advisories

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive...

September 19, 2023

Advisories

pmix-4.1.3-1.fc38

FEDORA-2023-d6dbdf62ad Packages in this update: pmix-4.1.3-1.fc38 Update description: Security fix for CVE-2023-41915 Read More

September 18, 2023

Advisories

pmix-4.1.3-1.fc37

FEDORA-2023-155d2f22f1 Packages in this update: pmix-4.1.3-1.fc37 Update description: Security fix for CVE-2023-41915 Read More

September 18, 2023

Advisories

pmix-4.1.3-1.fc39

FEDORA-2023-1185eca900 Packages in this update: pmix-4.1.3-1.fc39 Update description: Security fix for CVE-2023-41915 Read More

September 18, 2023

Swiss Cyber Agency Warns of QR Code Malware in Mail Scam

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise

Fake Donald Trump Assassination Story Used in Phishing Scam

Surge in DocuSign Phishing Attacks Target US State Contractors

North Korean IT Worker Network Tied to BeaverTail Phishing Campaign

FTC Records 50% Drop in Nuisance Calls Since 2021

NCSC Warns UK Shoppers Lost £11.5m Last Christmas

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Month: September 2023

ZDI-23-1445: Microsoft Windows UMPDDrvRealizeBrush Use-After-Free Local Privilege Escalation Vulnerability

ZDI-23-1446: Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability

ZDI-23-1447: Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability

ZDI-23-1448: Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2022-28357 (nats-server)

Who’s Behind the 8Base Ransomware Website?

CVE-2021-26837

pmix-4.1.3-1.fc38

pmix-4.1.3-1.fc37

pmix-4.1.3-1.fc39