Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text] – Naked Security

DOUG.  Wireless spyware, credit card skimming, and patches galore. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am Doug Aamoth; he is Paul Ducklin. Paul, how do you do? DUCK.  I’m very well, Doug. Cold, but well. DOUG.  It’s freezing here too, and everyone is sick… but that’s December […]

Read More

How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security

Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger […]

Read More