Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks Go to Source A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The...
Microsoft squashes SmartScreen security bypass bug exploited in the wild
Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is...
Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products
Adobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stories. The post Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products appeared first on SecurityWeek.
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages...
Kaspersky Club – 55,971 breached accounts
In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the...
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek.
Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from...
boAt – 7,528,986 breached accounts
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
Head of Israeli cyber spy unit exposed … by his own privacy mistake
PLUS: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns In Brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself...
Price of zero-day exploits rises as companies harden products against hackers
Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as...
The TechBeat: The Case Against Rocky Linux (4/6/2024)
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ## The Case Against Rocky Linux By @eluser [ 12 Min read ] Rocky Linux...
This backdoor almost infected Linux everywhere: The XZ Utils close call
For the first time, an open-source maintainer put malware into a key Linux utility. We're still not sure who or why - but here's what you can do about it.
Our favorite cheap Android tablet is on sale for $170
We highlight Samsung's Galaxy Tab A9+ in our Android tablet buying guide for those who just want a competent slate for as little money as possible. If that describes you, take note: The 11-inch device is now on sale for $170 at several retailers, including Amazon,...
Cisco Warns of Vulnerability in Discontinued Small Business Routers
Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers. The post Cisco Warns of Vulnerability in Discontinued Small Business Routers appeared first on SecurityWeek.
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link...
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET,"...
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider,...
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal...
Want to keep Windows 10 secure? This is how much Microsoft will charge you
Want to keep Windows 10 secure? This is how much Microsoft will charge you Go to Source Hint: It will keep going up Updated Microsoft has laid out the ground rules for getting Windows 10 Extended Security Updates (ESU) as market...
The TechBeat: The Case Against Rocky Linux (4/4/2024)
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ## The Case Against Rocky Linux By @eluser [ 12 Min read ] Rocky Linux...
Want to keep getting Windows 10 updates next year? Here’s what it will cost
Want to keep getting Windows 10 updates next year? Here's what it will cost Go to Source The official price list for the Windows 10 Extended Security Updates program is out. For businesses, it's shockingly expensive. For educators,...
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader...
Microsoft lays out plans, pricing for Windows 10 life support
Microsoft lays out plans, pricing for Windows 10 life support Go to Source Want security updates? It's gonna cost you Microsoft has laid out the ground rules for getting Windows 10 Extended Security Updates (ESU) as market share...
Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is...
Cyber Security Today, April 3, 2024 – New Linux vulnerability is found, and a must-read ransomware case study
A new Linux vulnerability is found and a must-read ransomware case study. Welcome to Cyber Security Today. It’s Wednesday, April 3rd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S. Following on...
Google Patches Exploited Pixel Vulnerabilities
Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. The post Google Patches Exploited Pixel Vulnerabilities appeared first on SecurityWeek.
SurveyLama – 4,426,879 breached accounts
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or...
A Nifty F1C100S Dual-Board Computer
The F1C100S (and the F1C200S) is a super simple CPU to use – it’s QFN, it has RAM built-in, and it can run Linux. It just makes sense that we bring it up to you once again, this time, on this dual-board computer by [minilogic]. The boards look super accessible to...
HP Spectre x360 14 review (2024): Keeping the 2-in-1 laptop dream alive
HP Spectre x360 14 review (2024): Keeping the 2-in-1 laptop dream alive Go to Source The idea behind convertible, or 2-in-1 PCs, has remained the same over the last decade: Why buy a tablet when your laptop can fold a full 360...