Google pushes out major Chrome browser updates to fix multiple serious security defects.
The post Google Pays $55,000 for High-Severity Chrome Browser Bug appeared first on SecurityWeek.
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions.
“To exploit this technique, a user must be convinced to run a program that uses UI Automation,” Akamai security researcher Tomer Peled said in a report shared with The Hacker News. “
“To exploit this technique, a user must be convinced to run a program that uses UI Automation,” Akamai security researcher Tomer Peled said in a report shared with The Hacker News. “
Krispy Kreme cyberattack impacts online orders and operations
US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. […]
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account.
“The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
“The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
This eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC).
The post Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes appeared first on SecurityWeek.
ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago.
“Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
“Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
Atlassian, Splunk Patch High-Severity Vulnerabilities
Atlassian and Splunk on Tuesday announced patches for over two dozen vulnerabilities, including high-severity flaws.
The post Atlassian, Splunk Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Cleo Vulnerability Exploitation Linked to Termite Ransomware Group
Exploitation of a vulnerability affecting Cleo file transfer tools has been linked to the new Termite ransomware group.
The post Cleo Vulnerability Exploitation Linked to Termite Ransomware Group appeared first on SecurityWeek.
Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Google’s Willow quantum chip marks a transformative moment in quantum computing development.
The post Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration appeared first on SecurityWeek.
446,000 Impacted by Center for Vein Restoration Data Breach
Center for Vein Restoration discloses data breach impacting the personal, medical, and financial information of 446,000 individuals.
The post 446,000 Impacted by Center for Vein Restoration Data Breach appeared first on SecurityWeek.