#markoftheweb — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #markoftheweb, aggregated by home.social.
-
Take heed, traveler, those that are marked by the Web are everywhere.
They can be friends, acquaintances, or even family. Stay vigilant.
-
7-Zip: Mark-of-the-Web-Lücke wurde von Angreifern missbraucht | Security https://www.heise.de/news/7-Zip-Mark-of-the-Web-Luecke-wurde-von-Angreifern-missbraucht-10269973.html #MarkOfTheWeb #MotW #exploit #7zip #Patchday
-
Bug Left Some Windows PCs Dangerously Unpatched
https://krebsonsecurity.com/2024/09/bug-left-some-windows-pcs-dangerously-unpatched/
#PatchTuesdaySeptember2024 #MicrosoftOffice #CVE-2024-38217 #CVE-2024-38226 #CVE-2024-43491 #ImmersiveLabs #markoftheweb #SatnamNarang #TimetoPatch #microsoft #KevBreen #Rapid7
-
Six 0-Days Lead Microsoft’s August 2024 Patch Push https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/ #ZeroDayInitiative #MicrosoftProject #CVE-2024-38106 #CVE-2024-38107 #CVE-2024-38178 #CVE-2024-38189 #CVE-2024-38193 #CVE-2024-38213 #markoftheweb #TimetoPatch #WindowsEdge #KevBreen
-
Six 0-Days Lead Microsoft’s August 2024 Patch Push
https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/
#ZeroDayInitiative #MicrosoftProject #CVE-2024-38106 #CVE-2024-38107 #CVE-2024-38178 #CVE-2024-38189 #CVE-2024-38193 #CVE-2024-38213 #markoftheweb #TimetoPatch #WindowsEdge #KevBreen
-
Another Zero Day Initiative security advisory, since RARLAB failed to include the CVE ID in their release notes: CVE-2024-30370 (4.3 medium, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. I'm not a betting man, but I can see threat actors utilizing this quickly based on historical abuse. 🔗 https://www.zerodayinitiative.com/advisories/ZDI-24-357/ and https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed
This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.
The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user.
-
CW: Windows zero-day
Reading up on some #infosec news after three crazy days of moving (reminder: never move) and came across the most amazing attribute name Windows gives to files from untrusted remote locations:
Mark of the Web.
But when you open such a file, you only see a boring 'Security Warning' popup.
Why not just have burning flames, cackling demons and blood-red dripping capital letters shouting "WARNING! THIS FILE BEARS THE MARK OF THE WEB!" Missed opportunity!
Also, excuse my noobness if Mark of the Web is something I should TOTALLY know about already, sheesh.
#markoftheweb #cybersecurity #bleepingcomputer #zeroday #malware -
📬 Windows: Zero-Day-Lücke lässt QBot Dein System infiltrieren
#Hacking #Malware #MarkoftheWeb #PhishingMail #QBot #Signaturblock #SmartScreen #windows #ZeroDayLücke https://tarnkappe.info/artikel/malware/windows-zero-day-luecke-laesst-qbot-dein-system-infiltrieren-259367.html -
📬 Windows: Zero-Day-Lücke lässt QBot Dein System infiltrieren
#Hacking #Malware #MarkoftheWeb #PhishingMail #QBot #Signaturblock #SmartScreen #windows #ZeroDayLücke https://tarnkappe.info/artikel/malware/windows-zero-day-luecke-laesst-qbot-dein-system-infiltrieren-259367.html