NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

December 3, 2024 at 06:03AM Cybersecurity researchers identified vulnerabilities in Palo Alto Networks and SonicWall VPN clients, allowing potential remote code execution on Windows and macOS systems. Exploiting these flaws via a rogue VPN server could lead to malicious software installation. Users are urged to apply patches to mitigate risks. No active exploitation reported yet. …

Delta Launches $500M Lawsuit Against CrowdStrike

October 28, 2024 at 05:14PM Delta Air Lines is suing CrowdStrike for $500 million in lost revenue due to a July outage caused by a defective update to its Falcon Sensor software. The incident led to thousands of flight cancellations and lawsuits. Delta aims to recover costs and punitive damages amid a dispute over liability. …

New Windows Driver Signature bypass allows kernel rootkit installs

October 26, 2024 at 08:34AM Attackers can exploit Windows Update to downgrade kernel components, bypassing security features and allowing rootkit deployment on patched systems. Researcher Alon Leviev demonstrated this vulnerability and developed a tool called Windows Downdate, highlighting the dangers of downgrade attacks that undermine the meaning of a “fully patched” system. …

Bad Actors Manipulate Red-Team Tools to Evade Detection

October 16, 2024 at 04:09PM EDRSilencer, an open-source tool used in red-team operations, is being exploited by threat actors to disable security alerts and evade detection by blocking 16 common EDR tools. This shift enhances stealth for malicious activities, prompting researchers to advise organizations to adopt advanced detection and threat-hunting strategies. …

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

August 27, 2024 at 09:30AM Microsoft is hosting the Windows Endpoint Security Ecosystem Summit to address security and resilience following the disruptive CrowdStrike incident. The summit aims to outline short- and long-term actions for user protection, with a focus on improving security, safe deployment practices, and resiliency. Discussions will include the impact of kernel access …

RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

August 16, 2024 at 01:18PM The utility gains privilege escalation and the ability to disable endpoint protection software by using a public exploit after loading a vulnerable driver. …

Microsoft’s Internet Explorer Gets Revived to Lure in Windows Victims

July 25, 2024 at 04:05PM Check Point discovered CVE-2024-38112, a remote code execution vulnerability affecting Microsoft Windows and Windows Server. Threat actors exploit this via Internet Shortcut files and by disguising .hta applications as PDFs. CISA has categorized it as a high-severity risk and mandated updates for federal Windows systems by July 30. Organizations with …

US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine

June 27, 2024 at 03:18PM SecurityWeek Network provides cybersecurity news, webcasts, virtual events, and coverage of topics such as malware, cyberwarfare, data breaches, ransomware, and more. It also includes content on security operations, incident response, risk management, and industrial cybersecurity, as well as discussions on CISO strategy and cyber insurance. …

Remote Work’s Hidden Dangers

June 5, 2024 at 10:03AM The global work landscape has shifted due to the COVID-19 pandemic, leading to a rise in remote work. This brings benefits of flexibility and cost savings for employees and employers, but also poses security threats like phishing scams and ransomware. Establishing a robust remote-access policy and cybersecurity strategies is essential …

BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware

May 29, 2024 at 10:56AM The BlackSuit ransomware gang, linked to the Royal gang, targets US-based companies in critical sectors with a focus on financial gain. Using advanced methods, the group’s attack tactics include lateral movement, Kerberoasting, FTP exfiltration, and ransomware deployment. Mitigation tactics involve network configuration management and strengthening password encryption to prevent such …