Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over … [Read more...] about 17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
windows
Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier
A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking a Zoom user into performing some typical action like opening a received document … [Read more...] about Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users.To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July.That's likely because both flaws reside in the … [Read more...] about Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence
Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows.The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files … [Read more...] about A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence
Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
Watch out Windows users!The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection.The vulnerable component in question is the Bonjour updater, a zero-configuration implementation … [Read more...] about Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
Smominru botnet attacks outdated Windows systems with EternalBlue
Active since 2017, Smominru has now become one of the most rapidly spreading computer malware, according to a publicly available report. In 2019, during August alone, it infected 90,000 machines worldwide, with an infection rate of up to 4,700 сcomputers per day. China, Taiwan, Russia, Brazil, and the US have seen the most attacks, but that doesn’t mean other countries are out … [Read more...] about Smominru botnet attacks outdated Windows systems with EternalBlue
New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server.Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, … [Read more...] about New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft … [Read more...] about Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
FinSpy is spyware for Android, iOS, Windows, and macOS
What happens when spyware is developed not by underground malware coders, but by a serious IT firm? The result can be a nasty thing like FinSpy (also known as FinFisher), which has been developed and sold perfectly legally for quite some time now. Over the past year, we’ve detected this spyware on dozens of mobile devices. What FinSpy gets up to Although a desktop version of … [Read more...] about FinSpy is spyware for Android, iOS, Windows, and macOS