#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

windows font | Breaking Cybersecurity News | The Hacker News

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Mar 23, 2020
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft , both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020. Both vulnerabilities reside in the Windows Adobe Type Manager Library , a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the 'Preview Pane' or 'Details Pane' without having users to open it. The flaws exist in Microsoft Windows when the Adobe Type Manager Library improperly "handles a specially-crafted multi-master font - Adobe Type

Warning: Your Windows PC Can Get Hacked by Just Visiting a Site

Warning: Your Windows PC Can Get Hacked by Just Visiting a Site
Apr 10, 2018
Can you get hacked just by clicking on a malicious link or opening a website? — YES . Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website. Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker. All these five vulnerabilities in Windows Microsoft Graphics were dis

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Cybersecurity Resources