Attackers are slowly abandoning malicious macros
Malicious macro-enabled documents as vehicles for email-based malware delivery are being used less and less, Proofpoint researchers have noticed. Threat actors are switching to email attachments using Windows Shortcut (LNK) files and container file f.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
Lateral movement: Clearest sign of unfolding ransomware attack
44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with kn.....»»
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
Meta cancels its headset rival to Apple Vision Pro
Meta's chief technology officer has all but confirmed reports that the company is abandoning its plan to take on the Apple Vision Pro with a similarly powerful device.Meta Quest ProRight before the announcement of the Apple Vision Pro, Meta "leaked".....»»
Stranded student helps design synthetic polymers to combat fungal infections
Every year, more than 2 million people are affected by invasive fungal infections, which are often caused by Candida species and are associated with high mortality rates. The development of new therapies is progressing very slowly. Demand is increasi.....»»
It’s time to say goodbye to the Windows Control Panel
Microsoft has kept its mouth shut for years as the Control Panel has slowly been replaced by the Settings app -- but now its deprecation is official......»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
Android malware uses NFC to steal money at ATMs
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals.....»»
Novel technique allows malicious apps to escape iOS and Android guardrails
Web-based apps escape iOS "Walled Garden" and Android side-loading protections. Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypas.....»»
PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access.....»»
Disney abandons Disney+ arbitration defense in restaurant allergy death case
Disney said it "strive[s] to put humanity above all other considerations." Enlarge (credit: Getty Images | Gary Hershorn ) Disney said it is abandoning its motion to compel arbitration in a case filed by a man who allege.....»»
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in M.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Security flaws in Microsoft Mac apps could let attackers spy on users
Cisco Talos recently uncovered security vulnerabilities in several Microsoft apps for macOS that can potentially let attackers spy on your camera and other system components.Security flaws found in Microsoft apps for MacTalos claims to have found eig.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
The Crimson Diamond is a wonderful EGA-like graphic adventure game for 2024
The parser works much better than you'd think, and the mystery is pitch-perfect. In my mind, this image is slowly drawing into place, with the text arriving last. (credit: Julia Minamata) A text parser? Typing in “Open.....»»
Tech support scammers impersonate Google via malicious search ads
Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources u.....»»