Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a… Continue reading Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

GoldenJackal APT group breaches air-gapped systems in Europe

ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberesp… Continue reading GoldenJackal APT group breaches air-gapped systems in Europe

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.
The post ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products appeared first on SecurityWeek.
Continue reading ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET dis… Continue reading APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash. Continue reading Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

New phishing method targets Android and iPhone users

ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. They analyzed a case observed in the wild that targeted clients of a prominent Czech bank. PWA phishing flow (Source: ESET) This technique is notewort… Continue reading New phishing method targets Android and iPhone users

Chinese hackers compromised an ISP to deliver malicious software updates

APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive… Continue reading Chinese hackers compromised an ISP to deliver malicious software updates