Security

Researcher publishes Windows zero-days for the third day in a row

posted on May 23, 2019
by l33tdawg
Credit: ZDNet

A security researcher and exploit seller going by the name of SandboxEscaper has published today new Windows zero-days for the third day in a row.

On her GitHub account, the researcher published proof-of-concept code for two zero-days, but also short explainers on how to use the two exploits.

These two new exploits mark the seventh and eighth zero-days the researcher has published in the last ten months. To summarize, over the course of the last three days, she also published:

Shade Ransomware Expands to U.S. Targets

posted on May 23, 2019
by l33tdawg
Credit: Threat Post

Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan.

The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent cyberattacks indicate that the majority of Shade ransomware executables are targeting users outside of Russia.

Joomla servers hacked

posted on May 23, 2019
by l33tdawg
Credit: iAfrikan

Joomla has issued a statement revealing that its servers were hacked and that, following the breach, a cryptocurrency-mining script was installed on some of them. Joomla added that, after investigation, it believes the breach could have been prevented.

Zuck: Our Security Efforts Will Suffer if Facebook Is Broken Up

posted on May 23, 2019
by l33tdawg
Credit: PC Mag

Mark Zuckerberg is countering calls to break up Facebook, saying that doing so would only diminish his company's billion-dollar attempts to fix the social network.

"The amount of our budget that goes toward our safety systems I believe is greater than Twitter's revenue for this whole year," Zuckerberg told journalists on a press call on Thursday.

Security researchers discover Linux version of Winnti malware

posted on May 23, 2019
by l33tdawg
Credit: ZDNet

For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade.

Discovered by security researchers from Chronicle, Alphabet's cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to compromised systems.

Middle East-linked hacking group is working hard to mask its moves

posted on May 20, 2019
by l33tdawg

A group that has been linked to Iran-based hackers has been working to obfuscate its activities to evade detection, according to new research from Cisco’s Talos researchers.

The hackers, whose attacks are ongoing, are working to avoid host-based signatures and YARA signatures by using a Visual Basic for Applications (VBA) script, PowerShell stager attacks, and a separate command-and-control server, researchers write in a blog post. In some cases the group, which Talos has dubbed “BlackWater,” has succeeded in evading detection mechanisms.

New Intel firmware boot verification bypass enables low-level backdoors

posted on May 15, 2019
by l33tdawg
Credit: CSO Online

Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way.

Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel's reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week.

How Hackers Broke WhatsApp With Just a Phone Call

posted on May 15, 2019
by l33tdawg
Credit: Wired

You've heard the advice a million times. Don't click links in suspicious emails or texts. Don't download shady apps. But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn't need to pick up to be infected, and the calls often left no trace on the phone's log. But how would a hack like that even work in the first place?