"Leviev’s findings were shocking to say the least: 'I was able to make a fully patched Windows machine susceptible to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term ‘fully patched’ meaningless on any Windows machine in the world.'" Read the latest on Windows Downdate in Forbes: https://hubs.ly/Q02MWKm_0
SafeBreach’s Post
More Relevant Posts
-
🗣#tclabfollowsnews 🚨 Critical Security Alert for Windows Users! 🚨 If you haven't updated your Windows system with the latest patches, now is the time to act! A proof-of-concept (PoC) code has been released, making a critical vulnerability in Windows systems a prime target for attackers. 🛡️ 🔔 What’s Happening? The vulnerability, CVE-2024-38063, carries a CVSS score of 9.8 and affects Windows 10, 11, and Windows Server systems. This flaw allows unauthenticated attackers to remotely run malicious code on an unpatched machine using a specially crafted IPv6 packet. With the recent release of exploit code, the urgency to patch your systems has skyrocketed. This is a zero-click vulnerability, meaning the attack can be executed without user interaction, making it extremely dangerous. The only temporary workaround is disabling IPv6, which isn't practical for most users. The safest course of action is to deploy the August patches immediately. 📢 Expert Insights: The PoC code was released by a coder known as Ynwarcs, who described the exploit as “rather flaky” but still effective under specific conditions. Marcus Hutchins, known for stopping the WannaCry malware, has confirmed how easy it is to exploit this vulnerability, adding to the patch's urgency. 🔗 Read the full article for a detailed breakdown of the vulnerability and its implications: https://lnkd.in/eQzErCmf #tclabnews #testingtools #qaplatform #qualityassurance #softwaretestingplatform #testing #testcasemanagement #testcaselab #news
PoC code released for zero-click Windows critical vuln
theregister.com
-
🚨 Attention! A new variant of DLL search order hijacking has been identified, circumventing security measures in Windows 10 and 11 🚨 How does it work? 👇 This technique exploits the WinSxS folder, a crucial Windows component, to execute malicious code without elevated privileges. In doing so, it allows attackers to eliminate the need for elevated privileges when attempting to run nefarious code on a compromised machine as well as introduce potentially vulnerable binaries into the attack chain. What can you do? 👇 It's essential to monitor process relationships and activities of binaries in the WinSxS folder. Stay vigilant folks!! Read more here 👇👇 https://lnkd.in/e2NqbciV #windows #windows11 #cyberdefense #cyberawareness
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
thehackernews.com
-
Windows certutil is a Windows utility that is used by threat actors to, amongst other things, download files. It’s an example of a Living off the Land Binary (LOLBin) that is used during an attack to achieve some malicious goal while using as many native programs as possible. This blog post by Cyber Triage will focus on using certutil to download files and what DFIR artifacts are created from this activity. These artifacts are important because they can provide evidence about tools a threat actor downloaded and used. URL: https://lnkd.in/e_VETcbA #IncidentResponse #Certutils #CyberTriage #OTISPFeeds #DFIR
DFIR Breakdown: Using Certutil To Download Attack Tools
cybertriage.com
-
Experiencing issues with the DNS service on your Windows 11 PC? Don't worry, we've got you covered! Here are some troubleshooting steps you can take to fix the issue:
- Check your administrator privileges to ensure you have access to the necessary settings.
- Run the built-in network troubleshooter to automatically detect and fix common network-related issues.
- Restart the DNS service or check for any policies that might be restricting access to DNS settings.
- Run a full system scan to check for any malware infections that might be interfering with your network settings.
- Ensure that your Windows 11 operating system is up to date.
- Consider resetting your network settings to their default configuration as a last resort.
If none of these steps work, seek further assistance from a technical support professional or your network administrator. #Windows11 #DNStroubleshooting #networkingtips
-
Critical Windows Vulnerability Stop what you are doing and make sure your Windows machine is updated! Thankfully this security update does not even need a restart, so nothing should stop you. https://lnkd.in/gDX79euM
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
bleepingcomputer.com
-
#Cybersecurity | Microsoft’s first Patch Tuesday of 2024 has landed with two bugs described as “critical” out of a total of 47 security fixes. The worst is CVE-2024-20674, which is present in Windows Server versions as far back as 2008, as well as Windows 10 and Windows 11. It’s a Kerberos security feature bypass which Microsoft said allows an impersonation attack, and carries a CVSS score of 9.0. https://lnkd.in/giGtNyBn
Microsoft fixes ancient Kerberos impersonation bug
itnews.asia
-
How to protect against BitLocker-bypassing vulnerabilities in Windows recovery partitions https://lnkd.in/euHC2x4s
How to protect against BitLocker-bypassing vulnerabilities in Windows recovery partitions
csoonline.com
-
Windows #Downdate attack totally undermines Windows security; fix not yet ready - “#security of #Windows11 can be undermined by corrupting Windows Update process with a simple edit to the #WindowsRegistry, forcing a downgrade to vulnerable older #versions” #scmagazine
Windows Downdate attack totally undermines Windows security; fix not yet ready
scmagazine.com
-
**Remember that time you thought Windows XP was invincible? Yeah, about that...** Connecting your XP machine to the internet in 2024 is like leaving your grandma's china cabinet outside during a hurricane. It's not going to end well. This article from XDA-Developers proves that XP and the internet are a match made in malware heaven. Hackers can exploit it faster than you can say "dial-up." In a recent experiment, a brave (or maybe foolish) soul connected an XP machine to the internet. Let's just say it became a virus buffet within minutes. Security software from the XP era is about as useful as a floppy disk in a world of cloud storage. The takeaway? Unless you enjoy nostalgia laced with a heavy dose of security threats, XP and the internet should never meet. Upgrade your OS, people! It's the gift that keeps on protecting (unlike that AOL free trial CD). https://lnkd.in/eu2UCTcD #WindowsXP #RIP #UpgradeYourStuff #MalwareMagnet
Someone connected Windows XP to the internet, and it didn't survive long
xda-developers.com
-
A serious security vulnerability in the Windows Wi-Fi driver, known as CVE-2024-30078, has been fixed by Microsoft. This vulnerability allowed remote code execution through network packets and affected all current versions of Windows and Windows Server. There was no need to have any past access to the target system. The problem was classified as "Important" because of its low attack complexity, even though there were no known active exploits. To stay safe, make sure your systems are up to date! Here is the Microsoft Security guide: https://lnkd.in/efACnzsJ And if you are interested to read more: https://lnkd.in/e_Q2Pt4d