Office 365 to give detailed info on malicious email attachments
Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation. [...]
Author Archives: Sergiu Gatlan
Amtrak resets user passwords after Guest Rewards data breach
The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members. [...]
Google Chrome 84 to hide abusive notifications starting July
Google will start blocking abusive sites from delivering web notifications to Chrome 84 users starting July by automatically enrolling them in the quieter notifications UI launched in January 2020. [...]
Microsoft mitigates Windows 10 2004 known issue impacting DISM
Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment. [...]
Cisco hacked by exploiting vulnerable SaltStack servers
Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. [...]
200K sites with buggy WordPress plugin exposed to wipe attacks
Two high severity security vulnerabilities found in the PageLayer plugin can let attackers to potentially wipe the contents or take over WordPress sites using vulnerable plugin versions. [...]
NSA: Russian govt hackers exploiting critical Exim flaw since 2019
The U.S. National Security Agency (NSA) says that Russian military threat actors tracked as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019. [...]
New Octopus Scanner malware spreads via GitHub supply chain attack
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). [...]
Microsoft is investigating ten Windows 10 2004 known issues
Right after releasing the Windows 10 May 2020 Update to home customers, Microsoft has already added ten know issues under investigation to the Windows 10 2004 release health dashboard. [...]
Windows 10 2004 comes with Wi-Fi 6 and WPA3 support
Microsoft announced that Windows 10, version 2004 comes with Wi-Fi 6 and WPA3 support for gigabit speeds and better performance, as well as for more secure wireless network connectivity. [...]
German govt urges iOS users to patch critical Mail app flaws
Germany's federal cybersecurity agency today urged iOS users to immediately install the iOS and iPadOS security updates released by Apple on May 20 to patch two actively exploited zero-click security vulnerabilities impacting the default email app. [...]
Germany govt urges iOS users to patch critical Mail app flaws
Germany's federal cybersecurity agency today urged iOS users to immediately install the iOS and iPadOS security updates released by Apple on May 20 to patch two actively exploited zero-click security vulnerabilities impacting the default email app. [...]
$100 million in bounties paid by HackerOne to ethical hackers
Bug bounty platform HackerOne announced today that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020. [...]
Arbonne MLM data breach exposes user passwords, personal info
International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party last month. [...]
Critical Android bug lets malicious apps hide in plain sight
A critical Android security vulnerability disclosed today and dubbed StrandHogg 2.0 can allow malicious apps to camouflage as most legitimate applications and steal sensitive information from Android users. [...]
Hacking group builds new Ketrum malware from recycled backdoors
The Ke3chang hacking group historically believed to be operating out of China has developed new malware dubbed Ketrum by merging features and source code from their older Ketrican and Okrum backdoors. [...]
Russian cyberspies use Gmail to control updated ComRAT malware
ESET security researchers have discovered a new version of the ComRAT backdoor controlled using the Gmail web interface and used by the state-backed Russian hacker group Turla for harvesting and stealing in attacks against governmental institutions. [...]
New Microsoft Teams enhancements announced at Build 2020
Microsoft announced today the rollout of a series of new features and enhancements to the Microsoft Teams cloud collaboration platform including improvements to meetings and events, productivity, automation, and scheduling. [...]
WordPress malware finds WooCommerce sites for Magecart attacks
Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers. [...]
Critical WordPress plugin bug allows for automated takeovers
Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites. [...]
RATicate drops info stealing malware and RATs on industrial targets
Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. [...]
Microsoft Office 365 ATP getting malware campaign analysis
Microsoft is in the process of expanding the Office 365 Advanced Threat Protection (ATP) capabilities with attack flow overviews of malware attacks targeting organizations. [...]
New COMpfun malware variant gets commands from HTTP error codes
A new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes was used in attacks targeting European diplomatic entities. [...]
New Microsoft 365 sign-in pages already spoofed for phishing
Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Microsoft 365 sign-in pages. [...]