ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
The post Copy2Pwn Zero-Day Exploited to Bypass Windows Protections appeared first on SecurityWeek.
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
Cybersecurity researchers have uncovered new stealer malware that’s designed to specifically target Apple macOS systems.
Dubbed Banshee Stealer, it’s offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.
“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser
Dubbed Banshee Stealer, it’s offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.
“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser
Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
A large percentage of Google’s own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware.
The issue manifests in the form of a pre-installed Android app called “Showcase.apk” that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary
The issue manifests in the form of a pre-installed Android app called “Showcase.apk” that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary
Microsoft removes FAT32 partition size limit in Windows 11
Microsoft removed today an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. […]
Ransomware gang deploys new malware to kill security software
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks […]
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.
The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on SecurityWeek.
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. […]
Microsoft shares temp fix for Outlook, Word crashes when typing
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. […]
Ransomware Attacks on Industrial Firms Surged in Q2 2024
Dragos has seen a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to the previous quarter.
The post Ransomware Attacks on Industrial Firms Surged in Q2 2024 appeared first on SecurityWeek.
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances.
The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
“SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
“SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability