article thumbnail

Windows Smart App Control, SmartScreen bypass exploited since 2018

Bleeping Computer

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [.]

122
122
article thumbnail

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

Bleeping Computer

Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. [.]

100
100
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, December 2018 Edition

Krebs on Security

Microsoft patched a zero-day flaw that is already being exploited ( CVE-2018-8611 ) and allows an attacker to elevate their privileges on a host system. Similarly, CVE-2018-8628 is flaw in all supported versions of PowerPoint which is also likely to be used by attackers. Ghacks writeup on December 2018 Patch Tuesday.

Software 187
article thumbnail

Patch Tuesday, October 2018 Edition

Krebs on Security

The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, Another vulnerability patched on Tuesday — CVE-2018-8423 — was publicly disclosed last month along with sample exploit code. 10 and Server 2008, 2012, 2016 and 2019.

Software 203
article thumbnail

Patch Tuesday, November 2018 Edition

Krebs on Security

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems.

article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Scams 271
article thumbnail

Threat Modeling in 2018 (video release)

Adam Shostack

Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.

140
140