Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports. [...]
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports. [...]
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports. [...]
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks. [...]
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server. [...]
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur. [...]
Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation …
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. [...]
Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild. [...]
Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. [...]
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware. [...]
Microsoft's May Patch Tuesday update is triggering authentication errors. [...]
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack. [...]
Dell and HP were among the first to release patches and fixes for the bug. [...]
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments. [...]
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much. [...]
The bug has a severe rating of 9.8, public exploits are released. [...]
A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem. [...]
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10. [...]
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices. [...]
A deep dive into securing containerized environments and understanding how they present unique security challenges. [...]
Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. [...]
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations. [...]
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default. [...]
Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of …
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. [...]