Razer has confirmed that it is working on patching an easily exploitable security issue which allows a local attacker to gain admin privileges to your system using just a Razer mouse or a dongle.
Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.
Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.
Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations.
Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.
An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.
"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.
A security researcher has published code on GitHub that takes advantage of an exploit recently patched by Microsoft. The Redmond firm recommends users install the latest patches to avoid issues.
Microsoft has enabled Defender Antivirus to automatically mitigate a recent vulnerability in on-premises Exchange server instances. This acts only as a temporary workaround to break the attack chain.
The week brought us Ignite news, Exchange on-prem vulnerability news, and even some expected Insider build news. Make sure to catch up with everything that happened via our handy overview.
Microsoft has revealed that on-premises Exchange servers are under attack from a state-sponsored group operating from China and utilizing 0-day exploits. Exchange Online is safe from the threat.
Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware.
According to a report, dozens of journalists - mostly from Al Jazeera - had their iPhones hacked via an Israeli firm's spyware. Four attackers have been linked to the UAE and Saudi Arabia.
Sony is issuing permanent bans to PlayStation 5 owners who are engaging in an exploitative technique of selling access to the PlayStation Plus Collection games available for free on their new console.
Google's Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month.
Twitter has revealed that hackers attempted to match phone numbers to Twitter usernames. It said the hack may have been state-backed, possibly being linked to Iran, Israel, or Malaysia.
A subset of users with sudo access could have run commands restricted to root users by leveraging a discovered exploit in a function return call that changes the user ID in Linux and Unix systems.
Microsoft has identified and patched two critical vulnerabilities in Windows Remote Desktop Services that affect Windows 7 through 10. The two Bluekeep-like vulnerabilities are also wormable.
CERT-Bund, the computer emergency response team of Germany, has identified a critical security flaw in the popular VLC Media Player that would allow remote code execution and more.
With today's highlighted deal, the gigantic 114-hour track (12 courses) to go from cybersecurity zero to systems security hero can be yours for just $3.25 per course. Save and profit via Neowin Deals!
A report claims that WhatsApp has been the target of a surveillance attack developed by Israel-based security firm NSO Group. WhatsApp has confirmed the vulnerability and is still investigating.
Google today revealed that a zero-day vulnerability in Windows 7 was being used in concert with an exploit in its Chrome browser to target users. The company is alerting users to update the browser.
Facebook has updated us on the situation regarding the View As attack that came to light a few weeks ago. Those affected are fewer than thought and those who were will be contacted soon.
Facebook has said that it is temporarily disabling the View As feature after it discovered an exploit in the feature which led to attacks against 50 million user accounts. It notified all affected.
Zerodium, an exploit vendor, has announced that it sold a Tor Browser vulnerability to governments around the world. Since revealing the exploit, the vulnerability, caused by NoScript, was patched.
An ambitious smartphone hack described by researchers would allow an attacker to accurately recreate what you're doing on the phone by taking into account how much battery power each action consumes.
A code execution vulnerability in Windows 10 allowed Cortana to be duped into running PowerShell scripts even while a device was locked by leveraging a combination of voice and context menu commands.
Researchers today warned that a critical flaw in OpenPGP and S/MIME encryption tools could leave your electronic communications at risk, allowing attackers to read encrypted emails in plaintext form.
While prior homebrew software efforts focused on firmware 3.0.0 for the Switch, a bootROM coding oversight within its embedded Tegra processor may blow the door wide open for all current models.
Microsoft has released an emergency Windows update for Windows 7 and Windows Server 2008 R2 systems to fix a serious memory bug that was introduced after a bungled Meltdown patch in January.
It appears that Control Flow Guard (CFG) in Windows 8.1 and 10 can be bypassed, effectively putting 500 million computers at risk. Microsoft is investigating the issue and should have a fix soon.
Having initially rolled out a buggy Spectre patch, Intel has now released an updated patch for Skylake CPUs. The updates will be made available through OEM updates so make sure to update soon.
Ledger's software wallets are vulnerable to an exploit which could see your bitcoins get surreptitiously sent to a hacker. The firm said that it doesn't plan to fix the issue but will raise awareness.
Microsoft this weekend issued an emergency update to abide by Intel's advisory requesting users to not not install a buggy Spectre mitigation that was causing systems to crash unexpectedly.
For those hoping to see backward compatible games coming to the latest generation PlayStation console, might be interested to see how the hacking community is working to make this happen.
A Chinese security researcher submitted two bugs to Google back in August 2017 that, combined, could allow the remote injection of arbitrary code into Android devices. Both bugs are already patched.
In a blog post, the company's Executive Vice President Navin Shenoy admitted that further testing revealed a bug causing patched systems to reboot more frequently, also affects newer processors.
A new lawsuit filed in the United States claims malfeasance on the smartphone maker's part by not informing its users of the existence of these processor vulnerabilities at an earlier date.