Collaborate Disseminate
Microsoft has released an unscheduled patch for a remote code execution vulnerability in Internet Explorer that is actively exploited by attackers. Microsoft releases security updates on the second Tuesday of every month—known in the industry as Patch… Continue reading Emergency Patch for Zero-Day Vulnerability in Internet Explorer
After an Italian company recently confirmed that its infrastructure was attacked with a new version of a destructive malware program called Shamoon, security companies discovered additional infections in the Middle East and Europe. “During the p… Continue reading More Shamoon 3 Attacks Detected in the Middle East and Europe
Only a week has passed since the release of WordPress 5.0—a new major version codenamed “Bebo”—and the WordPress team has already pushed out a security update for it. WordPress 5.0.1, released Dec. 13, fixes seven vulnerabilities, some of … Continue reading WordPress 5.0 Gets Security Patch a Week After Release
Hackers hit the IT infrastructure of an Italian oil and gas company with a new version of a destructive malware program called Shamoon. Shamoon, also known as Disttrack, was first used in 2012 in attacks against Saudi Aramco, Saudi Arabia’s nati… Continue reading Destructive Shamoon Malware Hits Italian Oil and Gas Firm
Microsoft released security updates for its products Dec. 11, fixing 38 vulnerabilities including a privilege escalation flaw in the Windows kernel that has been exploited by cyberespionage groups since October. The zero-day vulnerability, tracked as … Continue reading Microsoft Patches Another Actively Exploited Zero-Day Vulnerability
For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivir… Continue reading Attack Kit Hijacks DNS of Home and Business Routers
Attackers managed to pass Google’s defenses and place 22 Android apps on Google Play that engaged in sophisticated advertising click fraud when installed on users’ phones. The majority of the apps were created after June 2018 and were coll… Continue reading Two Dozen Click Fraud Apps Found in Google Play
A cybercriminal group has launched a malware campaign via personalized spear-phishing emails against large retail, restaurant and grocery chains in the United States, as well as against other organizations from the food and beverage industries. The sp… Continue reading Email Spam Campaign Targets U.S. Retail, Restaurant Sectors
Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails which direct users to a webs… Continue reading North Korean APT Group Targets Academia via Malicious Chrome Extensions
A Nigerian gang with members based in the U.K. is perpetrating a business email compromise operation aimed squarely at executives at companies with locations worldwide. The gang has compiled a target list of 50,000 email addresses belonging to company… Continue reading Business Email Compromise Gang Targeted 50,000 Company Executives