Credit to Author: Paul Ducklin| Date: Mon, 24 Apr 2023 16:59:17 +0000
Wouldn’t it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Read more
Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Tue, 18 Apr 2023 15:00:00 +0000
Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.
The post Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets appeared first on Microsoft Security Blog.
Read more
Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a “Patch Now” release.
This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.
Credit to Author: Paul Ducklin| Date: Thu, 13 Apr 2023 16:54:01 +0000
I’m sorry, Dave. I’m afraid I can’t… errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
Read more
Credit to Author: Paul Ducklin| Date: Wed, 12 Apr 2023 18:57:23 +0000
Is Secure Boot without the Secure just “Boot”?
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Adobe Tags: Cisco Tags: SAP Tags: Mozilla Tags: CVE-2023-28252 Tags: CVE-2023-28231 Tags: CVE-2023-21554 Tags: Word Tags: Publisher Tags: Office One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month’s Patch Tuesday updates. |
The post Update now! April’s Patch Tuesday includes a fix for one zero-day appeared first on Malwarebytes Labs.
Read more
Credit to Author: Paul Ducklin| Date: Wed, 12 Apr 2023 12:57:23 +0000
Is Secure Boot without the Secure just “Boot”?
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Tue, 11 Apr 2023 16:00:00 +0000
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog.
Read more
More than 1,100 technology luminaries, leaders, and scientists have issued a warning against labs performing large-scale experiments with artificial intelligence (AI) more powerful than ChatGPT, saying the technology poses a grave threat to humanity.
In an open letter published by Future of Life Institute, a nonprofit organization with the mission to reduce global catastrophic and existential risks to humanity, Apple co-founder Steve Wozniak and SpaceX and Tesla CEO Elon Musk joined other signatories in agreeing AI poses “profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs.”