Times News Network
A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a … Read More “New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild” »
Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential … Read More “Overview of Top Mobile Security Threats in 2022” »
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could … Read More “Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild” »
A suspected state-like threat actor has been attributed a new set of attacks that exploit Microsoft Office “Follina” vulnerability to target state entities in Europe and the United States Enterprise security firm Proofpoint said it blocked attempts to exploit the error to remotely execute code, which is tracked as CVE-2022-30190 (CVSS score: 7.8). No fewer … Read More “State-aided hackers exploit Microsoft’s Follina ‘bugs to target devices in Europe and the US” »
Cybersecurity researchers draw attention to a zero-day error in Microsoft Office that can be exploited to obtain arbitrary code execution on affected Windows systems. The vulnerability came after an independent cybersecurity research team known as nao_sec unveiled a Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from an IP address in Belarus. “It uses Word’s … Read More “Beware! Scientists discover new Microsoft Office Zero-Day exploitation in nature” »
Cybersecurity researchers draw attention to a zero-day error in Microsoft Office that can be exploited to obtain arbitrary code execution on affected Windows systems. The vulnerability came after an independent cybersecurity research team known as nao_sec unveiled a Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from an IP address in Belarus. “It uses Word’s … Read More “Beware! Scientists discover new Microsoft Office Zero-Day exploitation in nature” »
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that’s being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at … Read More “Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates” »
Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That’s according to a “Top Routinely Exploited Vulnerabilities” report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the UK, and the … Read More “US Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities” »
The US Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language … Read More “FBI Warns Of BlackCat Ransomware That Breached Over 60 Organizations Worldwide” »
A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies … Read More “Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild” »
