Neowin

OpenAI's ChatGPT was successfully tricked into generating valid activation keys for Windows 95. Although it refused at first, a revised prompt was able to trick the AI without the chatbot realizing.

Sayan Sen · Apr 3, 2023 · Hot! with 12 comments

U.S. federal cybersecurity agency CISA has developed a Python-based utility to detect signs of hacking in Microsoft cloud environments including Microsoft 365, Azure, and Azure Active Directory (AAD).

Usama Jawad · Mar 24, 2023 with 0 comments

SH1MMER, a dangerous new ChromeOS exploit that was released on Friday the 13th, has flown under the radar for two weeks, and there's nothing stopping you from having a little fun with it.

Dean Howell · Jan 30, 2023 · Hot! with 10 comments

Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful.

Paul Hill · Oct 3, 2022 with 2 comments

This edition of Microsoft Weekly recaps a bunch of Windows 11 2022 Update issues, new features introduced to the Dev Channel, recent capabilities added to Teams, and the death of SwiftKey for iOS.

Usama Jawad · Oct 1, 2022 with 1 comment

Google has revealed an expansion to its Vulnerability Reward Program (VRP). It is designed to encourage privately reporting security flaws in open source software in exchange for monetary rewards.

Usama Jawad · Aug 30, 2022 with 0 comments

The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery.

Usama Jawad · Aug 18, 2022 · Hot! with 8 comments

Following in the footsteps of Chrome, Edge has received an update to fix a rather severe 0-day exploit too. This is because the issue affects all browsers based on Chromium, including Edge.

Usama Jawad · Jul 7, 2022 with 3 comments

Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity.

Usama Jawad · Jul 5, 2022 with 0 comments

This week's digest recaps a hefty amount of news related to Microsoft Edge, some about a Windows 11 Dev Channel build, and an exploit that affects virtually all supported versions of Windows.

Usama Jawad · Jun 4, 2022 with 0 comments

Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups.

Usama Jawad · Mar 24, 2022 with 1 comment

Microsoft has issued an advisory about an Active Directory privilege escalation attack. The vulnerabilities have already been patched but unpatched domain controllers are more at risk now than ever.

Usama Jawad · Dec 21, 2021 · Hot! with 10 comments

Thanks to an as yet undisclosed critical vulnerability in Chrome 96, confirmed to be actively being exploited in the wild, Google is rolling out an update to Chrome 96, which y'all should update to.

Steven Parker · Dec 14, 2021 with 1 comment

Razer has confirmed that it is working on patching an easily exploitable security issue which allows a local attacker to gain admin privileges to your system using just a Razer mouse or a dongle.

Usama Jawad · Aug 23, 2021 · Hot! with 17 comments

Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.

Usama Jawad · Aug 10, 2021 · Hot! with 9 comments

Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.

Sayan Sen · Jul 9, 2021 · Hot! with 13 comments

Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations.

Usama Jawad · Jul 9, 2021 · Hot! with 34 comments

Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.

Abhay V · Jul 7, 2021 · Hot! with 32 comments

Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.

Usama Jawad · Jul 4, 2021 · Hot! with 12 comments

An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.

Usama Jawad · Jul 2, 2021 · Hot! with 20 comments

"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.

Usama Jawad · May 26, 2021 with 6 comments

A security researcher has published code on GitHub that takes advantage of an exploit recently patched by Microsoft. The Redmond firm recommends users install the latest patches to avoid issues.

Subir Kathuria · May 17, 2021 · Hot! with 0 comments

Microsoft has enabled Defender Antivirus to automatically mitigate a recent vulnerability in on-premises Exchange server instances. This acts only as a temporary workaround to break the attack chain.

Usama Jawad · Mar 19, 2021 with 1 comment

The week brought us Ignite news, Exchange on-prem vulnerability news, and even some expected Insider build news. Make sure to catch up with everything that happened via our handy overview.

Florin Bodnarescu · Mar 7, 2021 with 0 comments

Microsoft has revealed that on-premises Exchange servers are under attack from a state-sponsored group operating from China and utilizing 0-day exploits. Exchange Online is safe from the threat.

Usama Jawad · Mar 3, 2021 with 19 comments

Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware.

Ather Fawaz · Jan 26, 2021 with 0 comments

According to a report, dozens of journalists - mostly from Al Jazeera - had their iPhones hacked via an Israeli firm's spyware. Four attackers have been linked to the UAE and Saudi Arabia.

Ather Fawaz · Dec 21, 2020 · Hot! with 27 comments

Google has updated the rules for its Chrome Vulnerability Rewards Program, offering bigger bounties and bonuses for security researchers who discover security exploits in Chrome's JavaScript engine.

Usama Jawad · Dec 9, 2020 with 0 comments

Sony is issuing permanent bans to PlayStation 5 owners who are engaging in an exploitative technique of selling access to the PlayStation Plus Collection games available for free on their new console.

Usama Jawad · Nov 27, 2020 · Hot! with 13 comments

Google's Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month.

Abhay V · Oct 30, 2020 · Hot! with 20 comments

Twitter has revealed that hackers attempted to match phone numbers to Twitter usernames. It said the hack may have been state-backed, possibly being linked to Iran, Israel, or Malaysia.

Paul Hill · Feb 4, 2020 with 6 comments

A subset of users with sudo access could have run commands restricted to root users by leveraging a discovered exploit in a function return call that changes the user ID in Linux and Unix systems.

Ather Fawaz · Oct 15, 2019 · Hot! with 15 comments

Microsoft has identified and patched two critical vulnerabilities in Windows Remote Desktop Services that affect Windows 7 through 10. The two Bluekeep-like vulnerabilities are also wormable.

Muhammad Jarir Kanji · Aug 13, 2019 · Hot! with 5 comments

CERT-Bund, the computer emergency response team of Germany, has identified a critical security flaw in the popular VLC Media Player that would allow remote code execution and more.

Muhammad Jarir Kanji · Jul 20, 2019 · Hot! with 59 comments

With today's highlighted deal, the gigantic 114-hour track (12 courses) to go from cybersecurity zero to systems security hero can be yours for just $3.25 per course. Save and profit via Neowin Deals!

News Staff · Jul 23, 2019 with 0 comments

A report claims that WhatsApp has been the target of a surveillance attack developed by Israel-based security firm NSO Group. WhatsApp has confirmed the vulnerability and is still investigating.

Usama Jawad · May 14, 2019 · Hot! with 8 comments

Google today revealed that a zero-day vulnerability in Windows 7 was being used in concert with an exploit in its Chrome browser to target users. The company is alerting users to update the browser.

Muhammad Jarir Kanji · Mar 8, 2019 · Hot! with 16 comments

Facebook has updated us on the situation regarding the View As attack that came to light a few weeks ago. Those affected are fewer than thought and those who were will be contacted soon.

Paul Hill · Oct 12, 2018 · Hot! with 12 comments

Facebook has said that it is temporarily disabling the View As feature after it discovered an exploit in the feature which led to attacks against 50 million user accounts. It notified all affected.

Paul Hill · Sep 28, 2018 · Hot! with 18 comments

Zerodium, an exploit vendor, has announced that it sold a Tor Browser vulnerability to governments around the world. Since revealing the exploit, the vulnerability, caused by NoScript, was patched.

Paul Hill · Sep 10, 2018 · Hot! with 0 comments