Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-3.....»»
A breakthrough OLED technology is more than twice as bright as normal
Tandem OLED is all the rage in the world of display tech right now, and TCL is making some bold claims about its display leveraging the tech......»»
How attackers deliver malware to Foxit PDF Reader users
Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. Exploiting the issue The researchers have analyzed several campaigns u.....»»
Google will use AI to protect users from scam calls
Google will be leveraging the power of its AI in Gemini Nano to screen for potential scam calls and protect users. The post Google will use AI to protect users from scam calls appeared first on Phandroid. We’ve all received scam calls in.....»»
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based b.....»»
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigg.....»»
Google patches its fifth zero-day vulnerability of the year in Chrome
Exploit code for critical "use-after-free" bug is circulating in the wild. Enlarge (credit: Getty Images) Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to exe.....»»
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. .....»»
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A solution.....»»
Ghost Security Phantasm detects attackers targeting APIs
Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently exists in both threat intelligence and application security. Developed by a team of industry expert.....»»
MITRE breach details reveal attackers’ successes and failures
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN.....»»
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers. Enlarge (credit: Getty Images) Researchers have devised an attack against nearly all virtual private network applications that forc.....»»
McAfee and Intel collaborate to combat deepfakes with Deepfake Detector
McAfee has unveiled enhancements to its AI-powered deepfake detection technology leveraging the power of the NPU in Intel Core Ultra processor-based PCs. The advanced AI-powered technology that underpins McAfee Deepfake Detector (previously known as.....»»
Lenovo launches AI-based Cyber Resiliency as a Service
Lenovo has launched its new AI-based Cyber Resiliency as a Service (CRaaS) leveraging Lenovo device telemetry and the Microsoft security software portfolio including Microsoft Copilot for Security and Defender for Endpoint. With AI offering protectio.....»»
Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is lar.....»»
AI-driven phishing attacks deceive even the most aware users
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler. AI automates and personalizes various aspects of the attack process AI-driven phishing attacks leverage AI.....»»
Discovery of uranium-contaminated soil purification material without secondary environmental pollution
Nuclear energy has long been regarded as a next-generation energy source, and major countries around the world are competing to secure cutting-edge technologies by leveraging the high economic efficiency and sustainability of nuclear power. However,.....»»
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are “not aware at this time of any malicious a.....»»
Fireblocks expands DeFi suite with threat detection features
Fireblocks introduced new security features to its DeFi suite: dApp Protection and Transaction Simulation. As the DeFi sector experiences unprecedented growth, the need for proactive security measures has never been more critical. With attackers taki.....»»
Hackers are using developing countries for ransomware practice
Businesses in Africa, Asia, and South America hit before moving on to Western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and Sout.....»»
Hackers are carrying out ransomware experiments in developing countries
Businesses in Africa, Asia, and South America hit before moving on to western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia and South.....»»