Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month’s Patch Tuesday. […]
LockBit claims ransomware attack on Fulton County, Georgia
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish “confidential” documents if a ransom is not paid. […]
Zoom patches critical privilege elevation flaw in Windows apps
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. […]
New critical Microsoft Outlook RCE bug is trivial to exploit
Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. […]
Microsoft Exchange update enables Extended Protection by default
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month’s 2024 H1 Cumulative Update (aka CU14). […]
German battery maker Varta halts production after cyberattack
Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. […]
Ubuntu ‘command-not-found’ tool can be abused to spread malware
A logic flaw between Ubuntu’s ‘command-not-found’ package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. […]
Trans-Northern Pipelines investigating ALPHV ransomware attack claims
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it’s now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. […]
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyberattacks
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations.
The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its
The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its
Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages
Cybersecurity researchers have found that it’s possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system.
“While ‘command-not-found’ serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the
“While ‘command-not-found’ serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the