New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:06PM A novel command execution technique, ‘GrimResource,’ leverages an unpatched Windows XSS flaw and specially crafted MSC files to deploy malware. This technique successfully evades detection and current antivirus engines. The attack begins with a malicious MSC file exploiting a known XSS vulnerability, ultimately leading to the deployment of Cobalt Strike …

‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

June 20, 2024 at 12:01PM A widespread campaign is targeting cryptocurrency users through fake virtual meeting software, Vortax, delivering infostealing malware such as Rhadamanthys, Stealc, and Atomic. The threat actor “Markopolo” is linked to this campaign, posing as a legitimate software company but actually engaging in credential harvesting. This campaign highlights an increased focus on …

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

June 12, 2024 at 05:15AM Cybersecurity researchers have uncovered an ongoing phishing campaign using job-themed lures to distribute a backdoor named WARMCOOKIE. The backdoor, deployed via email, is capable of capturing information, executing commands, and downloading additional malicious programs. Additionally, another phishing campaign was detailed, utilizing invoice-related decoys to deploy malware through the Windows search …

New ShrinkLocker ransomware uses BitLocker to encrypt your files

May 24, 2024 at 11:01AM ShrinkLocker is a new ransomware strain that utilizes Windows BitLocker to encrypt systems by creating new boot volumes. It employs previously unreported features to maximize the attack’s damage and targets specific Windows versions. The malware modifies registry entries and denies recovery options, indicating a destructive intent rather than financial gain. …

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

May 14, 2024 at 03:43PM Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day bug called CVE-2024-30051 with a severity score of 7.8/10. They also warned of CVE-2024-30040 allowing attackers to execute code in Microsoft 365, and CVE-2024-30044 for remote code execution in Microsoft SharePoint, urging admins to take immediate action. From …

Microsoft says April Windows updates break VPN connections

May 1, 2024 at 10:12AM Microsoft confirms that the April 2024 Windows security updates disrupt VPN connections across various Windows platforms. Affected versions include Windows 11, Windows 10, and Windows Server 2008 onwards. Microsoft is investigating the issue and advises users to seek help through specific support channels. While no immediate fix is available, users …

‘MagicDot’ Windows Weakness Allows Unprivileged Rootkit Activity

April 19, 2024 at 05:47AM A security researcher at SafeBreach, Or Yair, outlined vulnerabilities associated with the DOS-to-NT path conversion process in Windows, dubbed “MagicDot,” during a Black Hat Asia 2024 session. The issues enable attackers to conceal and impersonate files, directories, and processes, leading to potentially dangerous post-exploitation capabilities. Yair detailed four related vulnerabilities, …

Windows 11 KB5036893 update released with 29 changes, Moment 5 features

April 9, 2024 at 02:08PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, containing 29 changes, fixes, and security updates. It is mandatory and enables Moment 5 features for all users. Users can install it via Windows Update or the Microsoft Update Catalog. The update also includes fixes and improvements and enables …

Windows 11 KB5036893 released with 29 changes, Moment 5 features

April 9, 2024 at 02:00PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, featuring 29 changes and enabling Moment 5 features for all users. It’s mandatory for April 2024 security updates fixing sixty vulnerabilities. The update can be installed via Windows Update or Microsoft Update Catalog and includes multiple enhancements and fixes. …

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs

April 9, 2024 at 01:39PM Summary: Numerous security vulnerabilities affecting various Microsoft products, Azure services, Intel, and Lenovo have been identified, ranging from remote code execution and elevation of privilege to information disclosure and denial of service. Severity levels vary from critical to low, highlighting the widespread impact on the affected systems. After reviewing the …