Jun 26, 2024NewsroomVulnerability / Data Protection A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following … [Read more...] about New MOVEit Transfer Vulnerability Under Active Exploitation
software vulnerability
New Attack Technique Exploits Microsoft Management Console Files
Jun 25, 2024NewsroomVulnerability / Threat Detection Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact … [Read more...] about New Attack Technique Exploits Microsoft Management Console Files
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Jun 24, 2024NewsroomVulnerability / Artificial Intelligence Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google … [Read more...] about Google Introduces Project Naptime for AI-Powered Vulnerability Research
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Jun 22, 2024NewsroomCyber Espionage / Threat Intelligence Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang," Positive Technologies … [Read more...] about ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
New Adware Campaign Targets Meta Quest App Seekers
Jun 22, 2024NewsroomPhishing Attack / Adware A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," cybersecurity firm eSentire said in an … [Read more...] about New Adware Campaign Targets Meta Quest App Seekers
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
Jun 21, 2024NewsroomMalware / Threat Intelligence A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government … [Read more...] about Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Jun 20, 2024NewsroomFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer … [Read more...] about Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Jun 19, 2024NewsroomCybercrime / Crypto Security Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received … [Read more...] about Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
Jun 18, 2024NewsroomPrivacy / Encryption A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating … [Read more...] about Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
Jun 17, 2024NewsroomRouter Security / Vulnerability ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass … [Read more...] about ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models