Author Archives: Ravie Lakshmanan

Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems.
The weakness, now assigned the identifier CVE-2022-30190, is r… Continue reading Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation→

An “aggressive” advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020.
“Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number… Continue reading SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years→

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans (RATs) such as Agent Tesla to facilitate malware-enabled cyber fraud.
“The men are thought to have used the RAT to reroute financial … Continue reading Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks→

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.
The vulnerability came to light after an independent cybersecurity research te… Continue reading Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild→

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS).
“The malware is rapidly adopt… Continue reading EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities→

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need.
“The ransomware group propagates very unusual demands in exchange… Continue reading New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor→

Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces.
“This exposure of sensitive credential and network access infor… Continue reading FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks→

A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization.
John Telusma, who went by the alias “Peterelliot,” … Continue reading New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme→

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads.
The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to sta… Continue reading Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices→

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers.
The issue relates to a case of use-after-free in the instruction … Continue reading Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel→