Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities Go to Source Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for...
Adobe Patches Critical Flaws in Reader, Acrobat
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software. The post Adobe Patches Critical Flaws in Reader, Acrobat appeared first on SecurityWeek.
Linux 6.9 arrives, plus Torvalds indicates Arm64 will get a bit more love
And the windows are opened to 6.10 in September or so Linux kernel 6.9 is here, with many under-the-covers improvements that won't be very visible to users, but which tidy things up, fix bugs, and pave the way for future changes.…
Google Pixel 8a review: The best midrange Android phone gets flagship AI features
The recipe for Google’s A-series Pixels is incredibly straightforward: Combine top-notch cameras with a vivid display and then cram all that in a tried and tested design for a reasonable price. But with the addition of a Tensor G3 chip, the Pixel 8a now supports the...
As AI expands into the search world, here’s what the current players are up to
As AI expands into the search world, here’s what the current players are up to Go to Source The search engine market could be on the verge of a tidal shift. Reuters, last week, reported that OpenAI was planning to launch an artificial...
North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms
The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor...
‘Four horsemen of cyber’ look back on 2008 DoD IT breach that led to US Cyber Command
'This was a no sh*tter' RSAC A malware-laced USB stick, inserted into a military laptop at a base in Afghanistan in 2008, led to what has been called the worst military breach in US history, and to the creation of the US Cyber Command.…
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into...
The Post Millennial – 26,818,266 breached accounts
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email...
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on...
Tappware – 94,734 breached accounts
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including...
Android Update Patches Critical Vulnerability
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods...
MITRE Hack: China-Linked Group Breached Systems in December 2023
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Microsoft Edge update patches two security flaws and adds a handy speed test tool
Microsoft Edge update patches two security flaws and adds a handy speed test tool Go to Source If Edge is your browser of choice, you'll want to upgrade to the latest release to enjoy these enhancements.
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of...
New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of...
French Cyberwarriors Ready to Test Their Defense Against Hackers and Malware During the Olympics
Vincent Strubel, who heads France’s national cybersecurity agency, called the cyberthreats level facing the Olympic Games unprecedented. The post French Cyberwarriors Ready to Test Their Defense Against Hackers and Malware During the Olympics appeared first on...
Pursuit of Trustworthiness: Increasing User Trust in Generative AI Products
Pursuit of Trustworthiness: Increasing User Trust in Generative AI Products Go to Source Disclaimer: The author works at Microsoft. The article is a general exploration of user trust and AI, but it does call out some references to the...
Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities Go to Source Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked...
Google Removes RISC-V Support From Android
Last year the introduction of RISC-V support to the Android-specific, Linux-derived Android Common Kernel (ACK) made it seem that before long Android devices might be using SoCs based around the RISC-V ISA, but it would seem that these hopes are now dashed. As...
Windows users left to fend for themselves after BitLocker patch bungle
Windows users left to fend for themselves after BitLocker patch bungle Go to Source Need a bigger partition for the update? You'll be manually resizing it then Microsoft has decided that there will be no automatic resolution for a...
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications Go to Source Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is...
Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps
Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations. The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.
New Deep Instinct AI assistant bridges the gap in malware analysis
Threat protection-focused startup Deep Instinct Ltd. today announced the launch of DIANNA — short for Deep Instinct’s Artificial Neural Network Assistant, a new generative artificial intelligence assistant that provides expert-level malware analysis for unknown...
Adobe targets AI security with bug bounty expansion for Content Credentials and Firefly
Creative software developer Adobe Inc. today announced an expansion of its bug bounty program to reward security researchers for discovering bugs specific to Content Credentials and Adobe Firefly. Content Credentials, built on the C2PA open standard, are integrated...
Microsoft’s latest Windows security updates might break your VPN
Microsoft’s latest Windows security updates might break your VPN Go to Source Microsoft says the April security updates for Windows may break your VPN. (Oops!) “Windows devices might face VPN connection failures after installing the...
More than two dozen Android vulnerabilities fixed … slowly
Meanwhile, Xiaomi slapped down 20 Oversecured, a business that scans mobile apps for security issues, says it has identified more than two dozen vulnerabilities over the past few years affecting Android apps from smartphone maker Xiaomi and Google's Android Open...
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of this...
Microsoft confirms spike in NTLM authentication traffic after Windows Server patch
Microsoft confirms spike in NTLM authentication traffic after Windows Server patch Go to Source Still using ancient protocol suite? April update might make you wish you weren't Microsoft's April 2024 security update blues continue...