Software Archives - CyberConvoy Blog

Hackers start using double DLL sideloading to evade detection

These attack variations begin with an initial vector that leverages a clean application that sideloads a second-stage payload which in turn, sideloads a malicious malware loader DLL

5 May

SonicWall warns web content filtering is broken on Windows 11 22H2

This results in Web Content Filtering (WCF) policies that enforce blocked categories to be no longer effective on impacted endpoints

9 February

Microsoft Defender ASR rule deletes Windows app shortcuts

The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction (ASR) rule was triggered erroneously

14 January

Unpatched 15-year old Python bug allows code execution in 350k projects

09/21/2022
Cyber News
Exploit, Hacking, Patching, PrivEsc, Python, Security, Software

Disclosed in 2007 and tagged as CVE-2007-4559, the security issue never received a patch, the only mitigation provided being a documentation update warning developers about the risk.

21 September

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

The newly discovered security issue impacts Windows, Linux, and Mac versions of the application. It refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.

14 September

NSA and CISA share tips to secure the software supply chain

09/10/2022
Cyber News
Hardening, Security, Software, SupplyChain

Developers will find helpful guidance from NSA and partners on developing secure code, verifying third party components, hardening the built environment, and delivering the code. Until all DevOps is DevSecOps, the software development lifecycle will be at risk

10 September