vulnerability

Winsage
November 3, 2024
Cyfirma Research has identified a security vulnerability in iTunes for Windows, designated as CVE-2024-44193, which allows attackers to escalate privileges on systems running versions 12.13.2.3 and earlier. This local privilege escalation vulnerability arises from improper permission management related to the AppleMobileDeviceService.exe, enabling attackers to manipulate files in the C:\ProgramData\Apple\Lockdown directory. The exploitation is straightforward, involving tools like NTFS junctions and opportunistic locks to gain elevated access. Organizations are advised to update iTunes to version 12.13.3 or later to mitigate this risk. Although there is no current evidence of active exploitation, the vulnerability poses a significant threat, particularly to sectors reliant on Windows-based systems, such as media, education, government, and corporate environments.
Tech Optimizer
November 3, 2024
All products featured are independently selected by editors and writers, and Mashable may earn an affiliate commission from purchases made through links on their site. Antivirus software is designed to identify and eliminate viruses and malware, preventing potential damage to devices. Malware is a broad category that includes viruses, which are a subset of malware. Computer viruses replicate and spread across devices, infecting applications and emails, and can cause various types of damage. Anti-malware software offers broader protection against a variety of attacks compared to antivirus software. Key features to consider when selecting antivirus software include phishing protection, spyware and adware scanning, on-demand malware scans, and vulnerability scanning. It is advisable to upgrade from pre-installed antivirus software to more advanced solutions. Investing in quality antivirus software is important for protecting computers and sensitive data.
Winsage
November 3, 2024
The FBI has warned users about vulnerabilities in popular webmail accounts, highlighting risks to passwords and multifactor authentication (MFA) due to emerging cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has advised Windows users to reconsider SMS-based MFA. CISA's guidance targets Chief Information Security Officers (CISOs) and enterprise users, emphasizing a sophisticated spear-phishing campaign affecting various sectors, including government and IT. Spear phishing, although less than 0.1% of phishing emails, accounts for 66% of successful breaches, with average costs of USD 4.76 million and potential losses up to USD 100 million. CISA notes that foreign threat actors often impersonate trusted entities and use malicious remote desktop protocol (RDP) files to gain unauthorized access. CISA has recommended ten security measures for organizations, including restricting outbound RDP connections, blocking RDP files, enabling MFA, and adopting phishing-resistant authentication methods. CISA advises against SMS-based MFA due to its vulnerability to SIM-jacking attacks. Kaspersky has raised concerns about SIM swap fraud, particularly in areas with high smartphone usage. Organizations are encouraged to use stronger MFA alternatives, such as software authenticators or passkeys.
Winsage
November 1, 2024
A significant security vulnerability has been discovered in Windows operating systems due to the use of the outdated NTLM password hashing method. This vulnerability affects all Windows client versions starting from Windows 7, leaving a large number of users at risk. Exploiting the vulnerability does not require special privileges, allowing a wide range of attackers to capture NTLM authentication hashes, which can lead to further security breaches. The vulnerability can be triggered easily by viewing a malicious theme file in Windows Explorer, and users may unknowingly activate it through automatic downloads.
Winsage
October 31, 2024
Researchers from 0patch discovered a new zero-day vulnerability, CVE-2024-38030, while developing a micropatch for an existing Windows security flaw, CVE-2024-21320, which allowed attackers to extract NT LAN Manager user credentials through malicious Windows theme files. Microsoft’s patch for CVE-2024-21320 did not fully address all potential credential leakage scenarios, prompting the identification of the new vulnerability. 0patch created a more general patch for Windows theme files that covers all execution paths leading to credential leakage. Microsoft has acknowledged the new vulnerability and is working on a fix, but an official patch has not yet been released. Meanwhile, 0patch users can install a micropatch to protect their systems.
Winsage
October 31, 2024
Security researchers at Acros have identified a new zero-day vulnerability (CVE-2024-38030) related to Windows theme files that can lead to the potential exposure of NTLM credentials. This vulnerability affects multiple Windows platforms, including Windows 11 (version 24H2). The issue arises when a theme file specifies a network file path for certain properties, causing Windows to send authenticated network requests to remote hosts, which can result in credential leaks if a malicious theme file is used. Microsoft issued a patch for an earlier related vulnerability (CVE-2024-21320), but researchers found it insufficient for systems that had stopped receiving updates. A more comprehensive patch has been developed by researchers to address all execution paths that could lead to credential leaks, and users of the micropatch service 0patch are currently protected against this vulnerability. The micropatches are available for all supported Windows versions and some legacy versions, specifically for Windows Workstation, and not for Windows Server.
Winsage
October 31, 2024
A new zero-day vulnerability has been identified that targets Windows Themes, allowing attackers to steal NTLM credentials. Acros Security has released a complimentary micropatch to address this issue. The vulnerability, identified as CVE-2024-38030, allows exploitation through a malicious theme file that tricks users into transmitting their NTLM credentials. This flaw affects all fully updated Windows versions, including Windows 11 24H2. Acros Security has reported the vulnerability to Microsoft and has created micropatches for both legacy and currently supported Windows versions. User interaction is required for the exploit to be successful, such as downloading the malicious theme file from an email or website. Users are advised to apply the micropatches promptly to improve their security.
Winsage
October 30, 2024
A newly identified zero-day vulnerability in Windows Themes files allows attackers to exploit NTLM credential leaks by simply having a malicious theme file viewed in Windows Explorer. This vulnerability, reported by ACROS Security, affects fully updated Windows systems, including Windows 11 24H2, and enables remote credential theft without user interaction. Microsoft previously addressed a related issue with a patch for CVE-2024-21320, but researchers discovered that attackers could bypass this fix, leading to the emergence of CVE-2024-38030. ACROS Security has released a temporary micropatch via their 0patch service to prevent NTLM leaks by accurately detecting network paths within theme files. The vulnerability allows attackers to execute NTLM relay and pass-the-hash attacks across multiple Windows versions, from Windows 7 to Windows 11 24H2. A demonstration showed that transferring a malicious theme file to an unpatched PC triggers a network connection that sends NTLM credentials to the attacker, while the micropatch blocks this connection.
Winsage
October 30, 2024
Approximately 400 million users are at risk as vulnerabilities in Windows resurface, prompting warnings for immediate action to protect PCs and personal data. The public interest advocacy group PIRG is urging Microsoft to extend Windows 10 support to all users, as the current support for educational institutions will end in one year, potentially rendering many computers obsolete. Microsoft has provided extended support options for educational institutions, allowing them to maintain security for an additional three years at a nominal fee, but details for consumer options remain undisclosed. A significant vulnerability, referred to as a "downdate" threat, remains unpatched, and a new Windows Theme vulnerability has been classified as a zero-day threat. PIRG is advocating for automatic extensions of essential security updates for Windows 10 to prevent a surge of electronic waste and enhance security for users.