#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

operating system security | Breaking Cybersecurity News | The Hacker News

Category — operating system security
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Aug 08, 2024 Windows Security / Vulnerability
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302 (CVSS score: 6.7) - Windows Secure Kernel Mode Elevation of Privilege Vulnerability Credited with discovering and reporting the flaws is SafeBreach Labs researcher Alon Leviev, who presented the findings at Black Hat USA 2024 and DEF CON 32 . CVE-2024-38202, which is rooted in the Windows Backup component, allows an "attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)," the tech giant said. It, however, noted that an attacker attempting to leverage the flaw would have to c
Reminder: Microsoft to end support for Windows 7 in 1-year from today

Reminder: Microsoft to end support for Windows 7 in 1-year from today

Jan 15, 2019
A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system. So it's time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that's precisely one year from today. After that date, the tech giant will no longer release free security updates, bug fixes and new functionalities for the operating system that's still widely used by people, which could eventually leave a significant number of users more susceptible to malware attacks. However, the end of free support doesn't end Windows 7 support for big business and enterprise customers. As always, Microsoft does make exceptions for certain companies that are willing to pay a lot of money to continue their support. According to a 'Death of Windows 7' report from content delivery firm Kollective, as many as 43% of enterprises
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Sep 13, 2024Device Security / Identity Management
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers
Expert Insights / Articles Videos
Cybersecurity Resources