Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. […] Go to Source Author: Sergiu Gatlan
Author Archives: Onsite Computing, Inc.
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker […]
Today is Microsoft’s April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. […] Go to Source Author: Lawrence Abrams
Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. […] Go to Source Author: Lawrence Abrams
Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. […] Go to Source Author: Mayank Parmar
Unknown attackers who breached the Treasury’s Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. […] Go to Source Author: Sergiu Gatlan
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, […]
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. […] Go to Source Author: Sergiu Gatlan
Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a Go to […]