Security
Headlines
HeadlinesLatestCVEs

Source

Threatpost

Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

Threatpost
#vulnerability#mac#microsoft#zero_day
Critical Flaws in Popular ICS Platform Can Trigger RCE

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

Cybergang Claims REvil is Back, Executes DDoS Attacks

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

Link Found Connecting Chaos, Onyx and Yashma Ransomware

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

Zoom Patches ‘Zero-Click’ RCE Bug

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

Verizon Report: Ransomware, Human Error Among Top Security Risks

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Fronton IOT Botnet Packs Disinformation Punch

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Snake Keylogger Spreads Through Malicious PDFs

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Closing the Gap Between Application Security and Observability

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.