Credit to Author: Andy Greenberg, Lily Hay Newman| Date: Sat, 16 Dec 2023 14:00:00 +0000
Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.
Read moreCredit to Author: Microsoft Threat Intelligence| Date: Fri, 15 Dec 2023 17:00:00 +0000
Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900.
The post Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server appeared first on Microsoft Security Blog.
Read more
Over the past year, we’ve seen Microsoft make radical improvements in its browser stability and significant positive changes to its Windows update communication and telemetry strategies. And this month’s Patch Tuesday release brings with it an incredibly light set of updates — maybe the fewest number of updates I have ever seen.
There are no zero-days, which is a great finish to 2023, though Windows gets three critical updates and Visual Studio will require immediate attention due to several re-releases of past critical application patches.
The team at Readiness has created a helpful infographic to outline the risks associated with each update in this last release of 2023. One note of caution: we have seen several potential updates to older patches (October/November) potentially coming down the release pipeline from Microsoft. It might be worth checking in during the upcoming holiday break to see whether there are any out-of-band patches for the Windows ecosystem.
PikaBot, a stealthy malware normally distributed via malspam is now being spread via malicious ads.
Read moreGoogle will soon roll out its Tracking Protection feature to some randomly chosen users in order to prepare for a full deployment.
Read more
Credit to Author: Andy Greenberg| Date: Thu, 14 Dec 2023 22:59:59 +0000
Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.
Read more
Credit to Author: Lily Hay Newman| Date: Thu, 14 Dec 2023 17:22:40 +0000
Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.
Read moreCredit to Author: Jagir Shastri| Date: Fri, 15 Dec 2023 00:00:00 +0000
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
Read moreApple has plans to make it harder for iPhone thieves to steal your personal information even if they have your device’s passcode.
Read moreA recently patched Apache Struts 2 vulnerability has been spotted in worldwide exploitation attempts. Users and admins should update ASAP.
Read more