August 3, 2023
Via: The Hacker NewsMicrosoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is “rapidly expanding.” “Information on athletic performance, competitive advantage, and personal information is a lucrative target,” the […]
Threats & Malware, Vulnerabilities
July 26, 2023
Via: SecurityWeekTwo of these flaws, tracked as CVE-2023-21554 and CVE-2023-28302, could lead to remote code execution (RCE) and denial-of-service (DoS) and were addressed by Microsoft with its April 2023 Patch Tuesday updates. No CVE identifier has been provided for the third […]
July 18, 2023
Via: The Hacker NewsStolen ChatGPT credentials flood dark web markets# Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen […]
Application security, Security
July 17, 2023
Via: Dark ReadingA human rights organization was alerted by Microsoft that it was compromised as part of a July email breach attributed to Storm-0558, but the organization couldn’t find any evidence of compromise in their logs. Why? It didn’t pay Microsoft a […]
Threats & Malware, Vulnerabilities
July 12, 2023
Via: The Hacker NewsMicrosoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 132 vulnerabilities, nine are rated Critical, 122 […]
Threats & Malware, Virus & Malware
July 12, 2023
Via: The Hacker NewsCybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which […]
July 12, 2023
Via: The Hacker NewsMicrosoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced […]
Threats & Malware, Vulnerabilities
June 21, 2023
Via: The Hacker NewsA security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, […]
June 19, 2023
Via: The Hacker NewsMicrosoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. “These attacks likely rely on access to multiple virtual private servers (VPS) […]
Threats & Malware, Vulnerabilities
June 14, 2023
Via: The Hacker NewsTwo “dangerous” security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. “The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure […]
Application security, Security
June 13, 2023
Via: The Hacker News“Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. “Following a successful phishing attempt, the threat actor […]
June 9, 2023
Via: The Hacker NewsBanking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks […]
Threats & Malware, Vulnerabilities
May 31, 2023
Via: The Hacker NewsMicrosoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked […]
Threats & Malware, Virus & Malware
May 24, 2023
Via: The Hacker NewsThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since […]
May 24, 2023
Via: The Hacker NewsThe infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which […]
Threats & Malware, Virus & Malware
May 15, 2023
Via: The Hacker NewsPoorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that’s designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. “Similar to web shell, which […]
Threats & Malware, Vulnerabilities
May 10, 2023
Via: The Hacker NewsMicrosoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the […]
Threats & Malware, Vulnerabilities
May 10, 2023
Via: The Hacker NewsCybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature […]
Threats & Malware, Vulnerabilities
May 9, 2023
Via: The Hacker NewsIranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft disclosed over the weekend. The tech giant’s threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint […]
May 8, 2023
Via: Dark ReadingNorth Korean cyber espionage group Kimsuky has expanded its attack arsenal with a new spear-phishing campaign that uses Microsoft OneDrive links in documents armed with malicious macros that drop novel reconnaissance malware. Researchers at SentinelLabs observed a new campaign from […]