Author Archives: Ravie Lakshmanan

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware.
“An attacker could take advantage of… Continue reading Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices→

The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021.
“This new campaign also suggests… Continue reading Pakistani Hackers Targeting Indian Students in Latest Malware Campaign→

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365’s authentication process even on accounts secured with multi-factor authentication (MFA).
“The attacker… Continue reading Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations→

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks.
Dubbed Retbleed by ETH Zurich researcher… Continue reading New ‘Retbleed’ Speculative Execution Attack Affects AMD and Intel CPUs→

The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies’ illegal use and sharing of highly sensitive data and false claims about data anonymization.
“While many consumers may happily offer their location data… Continue reading U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens’ Sensitive Data→

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models.
“The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the p… Continue reading New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models→

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time.
Primarily used for hijacking victims’ browser searches and presenting advertisements… Continue reading Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware→

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection.
“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names w… Continue reading Researchers Uncover New Attempts by Qakbot Malware to Evade Detection→

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that’s under active attack in the wild.
Of the 84 shortcomings, four are rated Criti… Continue reading Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout→

Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users’ activity on the social video platform without their permission to do so.
The revers… Continue reading TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach→