New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

December 11, 2024 at 10:36AM A new technique abuses the Windows UI Automation framework to carry out malicious activity without detection by endpoint security tools. It allows command execution, data theft, and access to messaging apps. Separately, recent research highlights weaknesses in the DCOM protocol that let attackers remotely write and execute payloads, planting embedded backdoors on target machines.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

December 10, 2024 at 06:09PM Microsoft’s December 2024 Patch Tuesday delivers a significant security update that addresses an actively exploited Windows zero-day (CVE-2024-49138) along with 71 other patches, bringing the year’s total to 1,020. The critical issues include remote code execution flaws in LDAP, Hyper-V, and RDP, which warrant immediate action from security administrators.

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

December 10, 2024 at 03:55PM This month Microsoft released 72 fixes, with CVE-2024-49138 posing an immediate risk because it is already being exploited. Adobe, for its part, issued 167 fixes, including 91 for Adobe Experience Manager and critical updates for Adobe Connect. Users are urged to patch promptly across all affected platforms.

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

December 10, 2024 at 01:38PM The reported Microsoft vulnerabilities affect a range of components, including Microsoft Defender, Edge, Office, SharePoint, and Windows services. Severity ranges from moderate to critical, and the list includes numerous remote code execution and elevation of privilege vulnerabilities that pose significant risk to users and systems.

New Windows Server 2012 zero-day gets free, unofficial patches

November 29, 2024 at 12:00PM Unofficial security patches have been released on the 0patch platform to fix a two-year-old zero-day vulnerability in the Windows Mark of the Web (MotW) security mechanism.

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

November 28, 2024 at 05:06AM A malware campaign abusing the Godot Engine has infected over 17,000 systems since June 2024 using crafted GDScript code. The attackers use more than 200 bogus GitHub accounts to distribute GodLoader, which targets Windows but is adaptable to other operating systems. The campaign underscores the need to download software only from trusted sources.

Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets

November 27, 2024 at 04:22AM The Russia-linked group RomCom has chained two recent Firefox and Windows zero-day vulnerabilities to install a backdoor on victims’ machines. Targeting mainly entities in North America and Europe, the group uses sophisticated methods that require no user interaction, demonstrating its capacity for stealthy cyber operations.

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024 at 06:18AM The Russia-aligned group RomCom has exploited two zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows to install its backdoor on victim systems without user interaction. The attacks rely on a fake website that redirects users, highlighting RomCom’s advanced capabilities and its history of cybercrime dating back to 2022.

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

November 25, 2024 at 04:24AM Researchers have identified a new malware campaign that uses the Bring Your Own Vulnerable Driver (BYOVD) technique. The malware abuses a legitimate Avast Anti-Rootkit driver to gain kernel-level access and disable security measures, terminating 142 processes. The initial access vector and the scale of the attacks remain unknown.

Microsoft patches Windows zero-day exploited in attacks on Ukraine

November 13, 2024 at 04:37PM Suspected Russian hackers exploited a recently patched Windows vulnerability (CVE-2024-43451) in attacks on Ukrainian entities. This NTLM hash disclosure flaw lets attackers steal user login credentials via phishing emails. Microsoft confirmed that exploitation requires minimal user interaction and that all supported Windows versions are affected, prompting CISA to issue a security …