Neowin

Following in the footsteps of Chrome, Edge has received an update to fix a rather severe 0-day exploit too. This is because the issue affects all browsers based on Chromium, including Edge.

Usama Jawad · Jul 7, 2022 with 3 comments

Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity.

Usama Jawad · Jul 5, 2022 with 0 comments

This week's digest recaps a hefty amount of news related to Microsoft Edge, some about a Windows 11 Dev Channel build, and an exploit that affects virtually all supported versions of Windows.

Usama Jawad · Jun 4, 2022 with 0 comments

Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups.

Usama Jawad · Mar 24, 2022 with 1 comment

Microsoft has issued an advisory about an Active Directory privilege escalation attack. The vulnerabilities have already been patched but unpatched domain controllers are more at risk now than ever.

Usama Jawad · Dec 21, 2021 · Hot! with 10 comments

Thanks to an as yet undisclosed critical vulnerability in Chrome 96, confirmed to be actively being exploited in the wild, Google is rolling out an update to Chrome 96, which y'all should update to.

Steven Parker · Dec 14, 2021 with 1 comment

Razer has confirmed that it is working on patching an easily exploitable security issue which allows a local attacker to gain admin privileges to your system using just a Razer mouse or a dongle.

Usama Jawad · Aug 23, 2021 with 17 comments

Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.

Usama Jawad · Aug 10, 2021 · Hot! with 9 comments

Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.

Sayan Sen · Jul 9, 2021 · Hot! with 13 comments

Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations.

Usama Jawad · Jul 9, 2021 · Hot! with 34 comments

Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.

Abhay V · Jul 7, 2021 · Hot! with 32 comments

Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.

Usama Jawad · Jul 4, 2021 · Hot! with 12 comments

An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.

Usama Jawad · Jul 2, 2021 · Hot! with 20 comments

"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.

Usama Jawad · May 26, 2021 with 6 comments

A security researcher has published code on GitHub that takes advantage of an exploit recently patched by Microsoft. The Redmond firm recommends users install the latest patches to avoid issues.

Subir Kathuria · May 17, 2021 with 0 comments

Microsoft has enabled Defender Antivirus to automatically mitigate a recent vulnerability in on-premises Exchange server instances. This acts only as a temporary workaround to break the attack chain.

Usama Jawad · Mar 19, 2021 with 1 comment

The week brought us Ignite news, Exchange on-prem vulnerability news, and even some expected Insider build news. Make sure to catch up with everything that happened via our handy overview.

Florin Bodnarescu · Mar 7, 2021 with 0 comments

Microsoft has revealed that on-premises Exchange servers are under attack from a state-sponsored group operating from China and utilizing 0-day exploits. Exchange Online is safe from the threat.

Usama Jawad · Mar 3, 2021 with 19 comments

Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware.

Ather Fawaz · Jan 26, 2021 with 0 comments

According to a report, dozens of journalists - mostly from Al Jazeera - had their iPhones hacked via an Israeli firm's spyware. Four attackers have been linked to the UAE and Saudi Arabia.

Ather Fawaz · Dec 21, 2020 · Hot! with 27 comments

Google has updated the rules for its Chrome Vulnerability Rewards Program, offering bigger bounties and bonuses for security researchers who discover security exploits in Chrome's JavaScript engine.

Usama Jawad · Dec 9, 2020 with 0 comments

Sony is issuing permanent bans to PlayStation 5 owners who are engaging in an exploitative technique of selling access to the PlayStation Plus Collection games available for free on their new console.

Usama Jawad · Nov 27, 2020 · Hot! with 14 comments

Google's Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month.

Abhay V · Oct 30, 2020 · Hot! with 20 comments

Twitter has revealed that hackers attempted to match phone numbers to Twitter usernames. It said the hack may have been state-backed, possibly being linked to Iran, Israel, or Malaysia.

Paul Hill · Feb 4, 2020 with 6 comments

A subset of users with sudo access could have run commands restricted to root users by leveraging a discovered exploit in a function return call that changes the user ID in Linux and Unix systems.

Ather Fawaz · Oct 15, 2019 · Hot! with 15 comments

Microsoft has identified and patched two critical vulnerabilities in Windows Remote Desktop Services that affect Windows 7 through 10. The two Bluekeep-like vulnerabilities are also wormable.

Muhammad Jarir Kanji · Aug 13, 2019 · Hot! with 5 comments

CERT-Bund, the computer emergency response team of Germany, has identified a critical security flaw in the popular VLC Media Player that would allow remote code execution and more.

Muhammad Jarir Kanji · Jul 20, 2019 · Hot! with 59 comments

With today's highlighted deal, the gigantic 114-hour track (12 courses) to go from cybersecurity zero to systems security hero can be yours for just $3.25 per course. Save and profit via Neowin Deals!

News Staff · Jul 23, 2019 with 0 comments

A report claims that WhatsApp has been the target of a surveillance attack developed by Israel-based security firm NSO Group. WhatsApp has confirmed the vulnerability and is still investigating.

Usama Jawad · May 14, 2019 · Hot! with 8 comments

Google today revealed that a zero-day vulnerability in Windows 7 was being used in concert with an exploit in its Chrome browser to target users. The company is alerting users to update the browser.

Muhammad Jarir Kanji · Mar 8, 2019 · Hot! with 16 comments

Facebook has updated us on the situation regarding the View As attack that came to light a few weeks ago. Those affected are fewer than thought and those who were will be contacted soon.

Paul Hill · Oct 12, 2018 · Hot! with 12 comments

Facebook has said that it is temporarily disabling the View As feature after it discovered an exploit in the feature which led to attacks against 50 million user accounts. It notified all affected.

Paul Hill · Sep 28, 2018 · Hot! with 18 comments

Zerodium, an exploit vendor, has announced that it sold a Tor Browser vulnerability to governments around the world. Since revealing the exploit, the vulnerability, caused by NoScript, was patched.

Paul Hill · Sep 10, 2018 · Hot! with 0 comments

An ambitious smartphone hack described by researchers would allow an attacker to accurately recreate what you're doing on the phone by taking into account how much battery power each action consumes.

Muhammad Jarir Kanji · Jun 25, 2018 · Hot! with 10 comments

A code execution vulnerability in Windows 10 allowed Cortana to be duped into running PowerShell scripts even while a device was locked by leveraging a combination of voice and context menu commands.

Muhammad Jarir Kanji · Jun 12, 2018 · Hot! with 11 comments

Researchers today warned that a critical flaw in OpenPGP and S/MIME encryption tools could leave your electronic communications at risk, allowing attackers to read encrypted emails in plaintext form.

Muhammad Jarir Kanji · May 14, 2018 · Hot! with 8 comments

While prior homebrew software efforts focused on firmware 3.0.0 for the Switch, a bootROM coding oversight within its embedded Tegra processor may blow the door wide open for all current models.

Boyd Chan · Apr 25, 2018 · Hot! with 13 comments

Microsoft has released an emergency Windows update for Windows 7 and Windows Server 2008 R2 systems to fix a serious memory bug that was introduced after a bungled Meltdown patch in January.

Usama Jawad · Mar 30, 2018 · Hot! with 10 comments

It appears that Control Flow Guard (CFG) in Windows 8.1 and 10 can be bypassed, effectively putting 500 million computers at risk. Microsoft is investigating the issue and should have a fix soon.

Usama Jawad · Mar 7, 2018 · Hot! with 27 comments

Having initially rolled out a buggy Spectre patch, Intel has now released an updated patch for Skylake CPUs. The updates will be made available through OEM updates so make sure to update soon.

Faheemmuddeen Patel · Feb 8, 2018 · Hot! with 9 comments