Collaborate Disseminate
A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability was discovered by a security … Continue reading Windows VCF Zero-Day Exploit Allows Remote Code Execution
According to reports from several cybersecurity firms, the Ryuk ransomware that reportedly recently disrupted operations at several U.S.-based newspapers is run by cybercriminals, not state-sponsored actors. Some online sources have attributed the Ryu… Continue reading Ryuk Ransomware That Hit U.S. Newspapers Not State-Sponsored
Attackers have a new phishing tool in their arsenal, and it’s a powerful one. A penetration tester released an open source toolkit that can be used to easily set up phishing attacks that can bypass two-factor authentication (2FA). Dubbed Modlish… Continue reading New Phishing Kit Allows Bypassing Two-Factor Authentication with Ease
Researchers have found another batch of malicious Android applications on Google Play that spam users with annoying full-screen ads and make using their phones difficult. Trend Micro calls the adware AndroidOS_HidenAd and found it inside 85 apps that … Continue reading 85 Android Adware Apps Downloaded 9 Million Times
Researchers have come across several games in the iOS app store that sent information to and communicated with a known malicious server. Finding malware in the iOS app store is rare because Apple has a highly stringent policy for app store admission a… Continue reading Rogue iOS Apps Sent Data to Malicious Server
Adobe Systems released new security patches for Adobe Reader and Acrobat to fix two critical vulnerabilities that could allow hackers to execute malicious code on computers. Both flaws were reported privately by external researchers through Trend Micr… Continue reading Adobe Reader and Acrobat Get Patches for Two Critical Flaws
A pair of hackers has launched a campaign that displays rogue messages on people’s smart TVs encouraging them to subscribe to a popular YouTube channel. The attack doesn’t seem to be malicious and is part of a larger campaign to promote Pe… Continue reading Hackers Hijack Chromecast Devices and Smart TVs via Exposed UPnP
A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition on the machine, so a successful exploit can t… Continue reading New Windows Zero-day Bug Allows Deleting Arbitrary Files
Following the indictment of two alleged members of a Chinese cyberespionage group by the U.S. Department of Justice Dec. 20, the governments of Canada, Australia, New Zealand and the U.K. have publicly attributed the group’s activities to China&… Continue reading ‘Five Eyes’ Countries Attribute APT10 Attacks to Chinese Intelligence Service
A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft… Continue reading Researcher Drops Third Windows Zero-Day Exploit in Four Months