Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara

The Hacker News
Open in Source
#vulnerability#web#mac#windows#microsoft#intel#backdoor#zero_day#The Hacker News
Facebook Marketplace Is Being Ruined by Zelle Scammers

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "

BidenCash Market Leaks 1.6 Million Credit Card Details

By Waqas BidenCash is recognized as a hub for stolen payment card data, operating both on the dark web and the clear net. This is a post from HackRead.com Read the original post: BidenCash Market Leaks 1.6 Million Credit Card Details

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Xfinity has notified customers that due to exploitation of the Citrix Bleed vulnerability, attackers were able to access personal data of almost 36 million customers.

How Outlook notification sounds can lead to zero-click exploits

A researcher found two Microsoft vulnerabilities which could be combined to achieve zero-click remote code execution.

Update Chrome now! Emergency update patches zero-day

Google has issued an emergency update for Chrome that fixes an actively exploited zero-day vulnerability in the WebRTC component.

Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL)

Learn how RaaS gangs use LOTL tactics in their attacks on organizations.

CVE-2023-7024: Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**