Microsoft Office has a security flaw that might allow for remote code execution attacks, according to researchers. The vulnerability gained notoriety as a zero-day after researchers discovered it was being exploited against Microsoft Office programmes. Microsoft Office Zero-Day A significant…
Latest posts - Page 56
QBot is now distributing Black Basta ransomware in bot-powered attacks
To spread laterally through hacked corporate environments, the Black Basta ransomware gang has collaborated with the QBot malware operation. QBot (QuakBot) is a Windows malware that steals bank credentials and Windows domain credentials before delivering additional malware payloads to infected…
Yunmai’s weight-monitoring software faces mass account takeover danger due to an unpatched bug chain
At least 500,000 Android accounts have had their data compromised. According to security researchers, a chained zero-day attack could potentially expose all user data in the backend of the companion mobile app for a popular smart weight scale. Bogdan Tiron,…
CISA Warns About Critical Vulnerabilities in Illumina’s DNA Sequencing Devices
The Food and Drug Administration (FDA) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory concerning serious security vulnerabilities in Illumina’s next-generation sequencing (NGS) software. The severity of three of the problems is rated 10 out…
State-sponsored hackers use Microsoft’s ‘Follina’ bug to target entities in Europe and the United States
A suspected state-aligned threat actor has been linked to a new wave of attacks targeting government entities in Europe and the United States using the Microsoft Office “Follina” vulnerability. Proofpoint, an enterprise security firm, said it blocked attempts to exploit…
Evasive phishing employs reverse tunnels and URL shortening services
Researchers are seeing an increase in the use of reverse tunnel services, as well as URL shorteners, for large-scale phishing campaigns, making the malicious activity more difficult to detect. This practise differs from the more common practice of registering domains…
Spam campaign using SVCReady malware
A new phishing campaign using SVCReady, a known malware, has been observed. “The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents,” Patrick Schläpfer, a…
Critical flaw was found inside the UNISOC smartphone chip
Check Point Research was the one who found the flaw. UNISOC handles 11% of all smartphones in the globe. Check Point Research has discovered a significant security flaw in UNISOC’s smartphone chip, which is responsible for cellular connection in 11%…
Bored Ape Yacht club hacked third time this year
Threat actors took over Bored Ape Yacht Club (BAYC) for the third time this year. They have stolen and sold NFTs worth $250,000 or 142 ETH. The attacker used a phishing attack and established a phishing site that mimicked the…
Foxconn confirms ransomware attack halted the production in Mexico
A ransomware attack on one of Foxconn’s Mexico-based production factories occurred in late May, according to the electronics maker. The organisation could not offer any information about the attackers, but the LockBit ransomware gang claimed responsibility for the incident. Foxconn…