Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for

Beta software is pre-release software, designed for developers to test against their apps to ensure that everything runs smoothly. It is also used internally to check for bugs and compatibility. If you’re really into your Apple products, and like to be the first to try out what’s new, you may have signed up for Apple’s public beta release

Apple has given a preview of this year’s Mac operating system, macOS Sonoma, which has plenty of cool new features, from Safari enhancements to new screensavers, from video conferencing to improved gameplay. Here are 10 of the best features in macOS Sonoma that you’ll be able to try out in the fall. 1. Desktop widgetsmacOS Ventura lets you conf

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint adv

Pflegia, a German healthcare recruitment platform, has exposed hundreds of thousands of files with sensitive user data such as names, home addresses, and emails. Scouting for a new career can be stressful. Now imagine that, instead of a new role, you find that your resume data was exposed. That’s what job seekers using Pflegia’s services are dealing with.

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) that can be exploited by low-privileged, authenticated, local

We look at what Apple presented at this year’s worldwide developers conference. We discussed the key features in macOS Sonoma, iOS 17, and iPadOS 17, and we talk a bit about Apple’s new Vision Pro AR/VR headset. We also discuss some recent Chrome vulnerabilities.There’s another actively exploited vulnerability in Chromium-based browsers34 more ma

Barracuda warns customers to immediately replace Email Security Gateway (ESG) appliances impacted by the flaw CVE-2023-2868. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

Microsoft is counting the cost of privacy violations, with $20m in fines related to illegal data collection from children’s Xbox accounts. The Xbox manufacturer has reached a settlement with the Federal Trade Commision (FTC), a result which promises to have other console developers looking closely at their privacy policies. The FTC’s release

Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fake browser alerts. What is unique

Qualys Security AdvisoryLPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863========================================================================Contents========================================================================SummaryCVE-2023-33865, a symlink vulnerability in /tmp/RenderDoc- Analysis- ExploitationCVE-2023-33864, an integ

Hi @ll,about a month ago Microsoft published HVCIScan-{amd,arm}64.exe, a"Tool to check devices for compatibility with memory integrity (HVCI)"The "Install instructions" on the download page<https://www.microsoft.com/en-us/download/105217> tell:| Download the hvciscan.exe for your system architecture (AMD64 or ARM64).| From an elevat

Virtualization giant VMware addressed critical and high-severity vulnerabilities in VMware Aria Operations for Networks. Virtualization technology giant VMware released security patches to address three critical and high-severity vulnerabilities, tracked as CVE-2023-20887, CVE-2023-20888, CVE-2023-20889, in VMware Aria Operations for Networks. VMware A

Starting a business is like embarking on a thrilling adventure. It’s a journey filled with excitement, challenges, and endless possibilities.  Just like raising a child, a startup requires nurturing, dedication, and careful attention to every aspect of its growth. As a startup owner, you invest your heart and soul into building a strong and suc

Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer fi