News

News (2850)

As we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the popular game, Minecraft. It seems that attackers are leveraging popular Modding platforms to push out…
As if the internet needed something else bad floating around it seems that groups that engage in extortion schemes involving the threat of releasing images of a sexual nature are now getting help from AI image creation tools. Sextortion emails…
It is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to do its dirty work. Primarily a post-exploitation tool, PowerDrop is leveraged after access is obtained…
Anyone that does not think that cybercrime is now a bug business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing,…
So, there you are, you have found the one thing in all the internet that will make your object drive life complete. You put the fabulous object into your cart, giddily fumble out your credit card and enter those embossed…
Spring, the time of renewal, the time when nature wakes up. It is also a time when Zero-Day flaws hit the web. This year has been no different with many Zero-Day flaws identified in April and May 2023. The reasons…
The news that a feature in Gmail that shows a verification check mark for a sender is being abused by attackers should come as a surprise to no one. After all attackers have coopted, code singing certificates, legitimate web sites,…
There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according…
Google’s Chrome (and derivatives) is one of the more popular browsers on the market. It reached the height of popularity via a well-orchestrated marketing push, dissatisfaction with Microsoft, and being one of the faster and more secure browsers (at the…
The group behind BlackCat ransomware seem to be following some good business practices as they have launched a new variant with improved performance (faster encryption) and detection evasion. First identified in February of 2023 the new variant has been given…
A couple of days ago an email was sent to me about a new tool kit being sold on the darker side of the internet. The claim what that this new tool could kill the processes behind “any” AV, EDR,…
This one goes in both the “failure of imagination” and “this is why we can’t have nice things” category. It seems that Gigabyte, for some reason, decided to embed an insecure update function into the UEFI BIOS of their motherboards,…
The RomCom backdoor malware appears to have a new campaign running. The new campaign is using impersonation attacks for different software packages (some real, some not). The goal is to trick the unwary into downloading, and hopefully launching malicious payloads.…
On May 19th 2023 Barracuda disclosed that there was a critical vulnerability in their Email Security Gateway appliances. This vulnerability is tracked under CVE-2023-2868 and is listed as a remote command injection vulnerability. The flaw is present in software versions…
Apple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw and basic security viewpoint, but the same feature also has created challenges for the installation…
Google has been very interested in pushing new standards for messaging, Rich Communication Services. RCS started in 2007 as a new way to make “texting” more functional and complete. This included things like read receipts, response indictors (typing icon) and…
Page 3 of 179