News


Zero-days in Microsoft Windows and Chrome
Kaspersky_news

As early as April, Kaspersky experts discovered a series of highly targeted cyber attacks against several companies that used exploits for previously undiscovered zero-days in Google Chrome and Microsoft Windows. New threat actor PuzzleMaker is at work: Kaspersky has not yet been able to connect the attacks to known threat actors and therefore calls this new threat actor PuzzleMaker. One of the exploits was used to remotely execute code in the Chrome web browser; the other was used to elevate privileges and targeted the latest and most popular builds of Windows 10. The latter exploits two vulnerabilities in the Microsoft Windows operating system kernel: security vulnerability CVE-2021-31955 and the Elevation-of-Privilege security vulnerability ...


In the sights: Old, unpatched Internet Explorer
Bitdefender_News

WastedLoader: Cybercriminals target unpatched Internet Explorer with malvertising. With WastedLoader, Bitdefender has discovered a new variant of the dangerous ransomware "WastedLocker". It is part of a new RIG exploit kit campaign and attacks users via unpatched versions of Internet Explorer. The campaign exploits VBScript vulnerabilities when users visit a legitimate website and click on malicious advertising (malvertising). The variant is also able to deliver a ransomware component, but does not yet do so in its current version. Ransomware WastedLoader: The new variant, which Bitdefender named WastedLoader, communicates with a Command & Control server, which is ...


Zero-day exploit in Desktop Window Manager
Kaspersky_news

While analyzing the known exploit for CVE-2021-1732 used by the APT group BITTER, Kaspersky experts discovered another zero-day exploit in the Desktop Window Manager. So far, it cannot be associated with a known threat actor. It would allow cyber criminals to execute arbitrary code on the victim's computer. Zero-day vulnerabilities are previously unknown software bugs. Until they are discovered, attackers can use them unnoticed for harmful activities and cause serious damage. Exploit analysis reveals reinforcement: When analyzing the CVE-2021-1732 exploit, the Kaspersky experts found another zero-day exploit and reported it in the ...


Attackers use Exchange vulnerability for crypto miners
SophosNews

Sophos Labs has identified an attacker using an Exchange vulnerability for cryptomining: “Admins should scan the Exchange server for web shells and monitor servers for unusual processes that seem to appear out of nowhere. High processor usage by an unknown program could be a sign of crypto mining activity or ransomware,” said Andrew Brandt, Principal Threat Researcher at Sophos. The well-known, recent problems relating to the Microsoft Exchange Server vulnerabilities are far from over: Even after the security patches of March 2nd and 9th, new attackers are still using the exploit for their attacks...


10 groups of hackers attack Exchange vulnerabilities

More than ten groups of hackers attack Microsoft Exchange security holes. ESET has already identified more than 5,000 infected email servers, mainly in Germany. The recently publicized vulnerabilities in Microsoft Exchange are making waves. The researchers at the IT security manufacturer ESET discovered more than ten different APT (Advanced Persistent Threat) groups that are currently increasingly exploiting the vulnerabilities to compromise e-mail servers and gain access to company data. So the threat is not limited to the Chinese Hafnium group, as previously suspected. ESET identified around 5,000 corporate and government email servers that were compromised around the world. The…


Government malware is not “good” malware
Bitdefender_News

Many governments buy and develop malware to officially have tools against criminals. That's the only reason government malware isn't “good” malware, says Bob Botezatu, director of threat research and reporting at Bitdefender. “For years, cybersecurity companies and data protection officials have warned of the dangers of government intervention attempts and online surveillance solutions. The companies are currently pushing ahead with their digital transformation and the dangers of this so-called 'good malware' have never been as obvious as they are today. Unlike commercial malware, government malware is the product of highly skilled development teams, costing millions of dollars in ...


Kaspersky discovers zero-day exploits
Kaspersky_news

Targeted attacks: Kaspersky detects zero-day exploits in the Windows operating system and Internet Explorer. APT actor DarkHotel could be behind the exploits. In late spring 2020, Kaspersky's automated detection technology prevented a targeted attack on a South Korean company. When investigating the attack more closely, Kaspersky researchers found two previously unknown vulnerabilities: an exploit to execute third-party code in Internet Explorer 11 and an Elevation of Privileges (EoP) exploit to obtain higher access rights in current versions of Windows 10. Patches for both exploits have already been published. Zero-day vulnerabilities are previously unknown software bugs…
