Threats & Malware, Vulnerabilities
May 10, 2023
Via: The Hacker News
Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature […]
Threats & Malware, Virus & Malware
April 24, 2023
Via: The Hacker News
A new “all-in-one” stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. “It includes several modules that all work via an FTP service,” Fortinet […]
Threats & Malware, Virus & Malware
April 6, 2023
Via: Help Net Security
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex […]
Threats & Malware, Vulnerabilities
March 22, 2023
Via: Naked Security
Just yesterday, we wrote about a bug in Google Pixel phones, apparently now patched, with potentially dangerous consequences. The bug finders, understandably excited (and concerned) by what they’d found, decided to follow the BWAIN principle for maximum, turning it into […]
Threats & Malware, Virus & Malware
March 14, 2023
Via: The Register
Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]
Threats & Malware, Vulnerabilities
February 15, 2023
Via: The Hacker News
Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based […]
Threats & Malware, Vulnerabilities
December 1, 2022
Via: Security Week
The most severe of the security defects is CVE-2022-34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or […]
Threats & Malware, Vulnerabilities
October 27, 2022
Via: Security Week
Event Log is an Internet Explorer-specific application that exists in all Windows iterations, due to the deep integration of the browser with the operating system. Due to the specific set of permissions that Event Log has, two security defects haunt […]
Threats & Malware, Virus & Malware
September 28, 2022
Via: The Hacker News
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability […]
September 16, 2022
Via: TechRadar
Roughly one in every five Windows servers is missing endpoint protection, meaning organizations of all sizes are risking various cybersecurity incidents, including ransomware. A report from Sevco Security, which analyzed data coming in from more than 500,000 […]
Access control, Cyber-crime, Malware, Security
July 18, 2022
Via: Help Net Security
A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots. According to Dragos researchers, the adversary seems […]
Threats & Malware, Vulnerabilities
May 31, 2022
Via: Help Net Security
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a security related issue”, Microsoft has now issued a […]
May 6, 2022
Via: Threat Post
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at […]
May 4, 2022
Via: Threat Post
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover […]
February 2, 2022
Via: Tech Radar
Microsoft has revealed its enterprise endpoint security antivirus offering also now provides threat and vulnerability management for Android and iOS. The move means that Microsoft Defender for Endpoint now works with all major platforms for workstations, servers, as well as […]
Threats & Malware, Vulnerabilities
January 31, 2022
Via: CSO Online
More than half (53%) of the IoT (internet of things) and internet of medical things (IoMT) devices used in healthcare contain critical cybersecurity risks, according to The State of IoMT Device Security report by Cynerio, which analyzed devices from more […]
Threats & Malware, Virus & Malware
January 12, 2022
Via: The Hacker News
A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as […]
September 16, 2021
Via: Help Net Security
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The Passwordless account option “Beginning today, you can now completely remove the password from your […]
Threats & Malware, Vulnerabilities
September 14, 2021
Via: Security Affairs
Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in […]
July 26, 2021
Via: Naked Security
French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far […]