Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targ.....»»
Critical Start helps organizations reduce cyber risk from vulnerabilities
Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and.....»»
Pixel problems: Google"s security nightmare caused by hidden software
A vulnerability included in every version of Android for previous Google Pixel models will soon be patched, but Pixel 9 buyers don't need to worry.Google Pixel 9The majority of Google Pixel smartphones sold from September 2017 onward have included a.....»»
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been una.....»»
IntelOwl: Open-source threat intelligence management
IntelOwl is an open-source solution designed for large-scale threat intelligence management. It integrates numerous online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform. “In late 2019, I faced a.....»»
A major Sonos exploit was explained at Black Hat — but you needn’t worry
Researchers from NCC Group showed how a Sonos One could fall victim to an attack that would let someone listen in on the microphones......»»
Chrome, Edge users beset by malicious extensions that can’t be easily removed
A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from sim.....»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
A common parasite could deliver drugs to the brain—how scientists are turning Toxoplasma gondii from foe into friend
Parasites take an enormous toll on human and veterinary health. But researchers may have found a way for patients with brain disorders and a common brain parasite to become frenemies......»»
How Do You Get Drugs to the Brain? Maybe Try a Parasite
A common parasite could one day deliver drugs to the brain. Here's how scientists are turning Toxoplasma gondii from foe into friend......»»
1Password urges Mac users to patch now to avoid having their data stolen
This 1Password vulnerability could expose your vaults to theft, so patch now.....»»
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has con.....»»
“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability ste.....»»
Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals
The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools su.....»»
This Windows Update exploit is downright terrifying
A new tool called Windows Downdate can trick your PC into thinking that it's fully patched, all the while exposing you to dangerous vulnerabilities......»»
1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key. more.....»»
macOS Sequoia to fix exploit that lets hackers access internal networks
Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, bu.....»»
Apple has closed an ancient macOS Safari security hole
Apple is fixing a vulnerability in Safari for macOS, that seems to date back to the dawn of Intel Macs.Icon for Safari in macOSThe Defcon hacking conference is taking place from August 8 to August 11 in Las Vegas, which hosts talks about newly discov.....»»
Lasers deliver powerful shocking punch in material experiments
Shock experiments are widely used to understand the mechanical and electronic properties of matter under extreme conditions, like planetary impacts by meteorites. However, after the shock occurs, a clear description of the post-shock thermal state an.....»»
The best SSDs for 2024
The best SSDs deliver the fastest read and write speeds on the market in a durable, compact package. Here are the best and why these cards make great upgrades......»»
Flashpoint Ignite and Echosec deliver threat intelligence for enhanced protection
Flashpoint has released new features and capabilities to its flagship platform, Flashpoint Ignite, and Echosec, its comprehensive location intelligence solution. Those working in security and threat analysis are at the forefront of the constantly evo.....»»