Recent Security News
-
October 10, 2023 at 12:38PM – Microsoft announces plans to kill VBScript malware delivery
October 10, 2023 at 12:38PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will become an on-demand feature until it is completely removed from the operating system. This decision is likely related to the discontinuation of Internet Explorer, which eliminates a major infection vector for malware. Microsoft…
-
Mirai DDoS malware variant expands targets with 13 router exploits
October 10, 2023 at 04:36PM The Mirai-based DDoS malware botnet known as IZ1H9 has expanded its targets to include Linux-based routers and routers from brands like D-Link, Zyxel, TP-Link, and TOTOLINK. Fortinet researchers have observed high exploitation rates in September, with tens of thousands of attempts on vulnerable devices. IZ1H9 compromises devices, enlists them in…
-
October 10, 2023 at 12:16PM – North Korea’s State-Sponsored APTs Organize & Align
October 10, 2023 at 12:16PM North Korean APT groups have increased collaboration and coordination during the COVID-19 pandemic. The lines are blurring between individual groups, making it difficult to determine responsibility for specific threat activities. North Korean actors are diversifying attacks, sharing tools and code, and targeting the supply chain. Collaboration between defenders, governments, and…
-
October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component
October 10, 2023 at 12:07PM Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the exploit takes advantage of the libcue library, used to parse cue sheets, and the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a…
-
Microsoft Exchange gets ‘better’ patch to mitigate critical bug
October 10, 2023 at 04:07PM Microsoft has released a new security update (CVE-2023-36434) to address a critical vulnerability in Microsoft Exchange Server (CVE-2023-21709). The update eliminates the need for additional steps and manual removal of a vulnerable Windows IIS Token Cache module. Admins who have already removed the module must install the new security update…