Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Russian FSB Hackers Breach Pakistan's APT Storm-0156

Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.

DARKReading
Open in Source
#apple#microsoft#intel#backdoor#auth
Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

Are We on the Brink of Saying Goodbye to Passwords?

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The

Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database

A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss.

Microsoft Warbird and PMP Security Research

This paper provides an in-depth technical explanation, illustration, and verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64 that pertain to Warbird deficiencies, content key sniffer operation, magic XOR keys discovery, white-box crypto attack, and complete client identity compromise attacks.

How Attackers Use Corrupted Files to Slip Past Security

New zero-day attack bypasses antivirus, sandboxes, and spam filters using corrupted files. Learn how ANY.RUN’s sandbox detects and…

'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

New Rockstar 2FA Phishing-as-a-Service Kit Targets Microsoft 365 Accounts

SUMMARY Cybersecurity researchers at Trustwave have discovered “Rockstar 2FA,” a phishing-as-a-service platform designed to help hackers and script…