Apr 04, 2024NewsroomNetwork Security / Vulnerability Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti […]
Last updated 3 April, 2024 On our podcast recently, one of our students, Sam, asked about the sync button in DJing. He said: “Please help me to understand something. I started DJing in later life, now aged 52. I love the technology. I rip samples, I use stems, I loop on three decks, and so […]
Apr 03, 2024NewsroomMobile Security / Zero Day Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware […]
Apr 03, 2024NewsroomData Breach / Incident Response The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland […]
Enlarge / Downtown Kansas City, Missouri, which is part of Jackson County. Eric Rogers Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. “Jackson County has identified significant disruptions within […]
Highly sensitive files mysteriously disappeared from EUROPOL headquarters Pierluigi Paganini April 03, 2024 A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files of top law enforcement officials, including […]
Apr 03, 2024NewsroomBrowser Security / Session Hijacking Google on Tuesday said it’s piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against “some” Google Account users running Chrome Beta – is built with an aim to make […]
First cc.bat for reconnaissance Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed in the remote machine. Based on our telemetry, this batch file launches commands to gather system information. Among the commands executed are: powershell.exe -command “Get-NetAdapter |select InterfaceGuid” arp -a ipconfig /all fsutil fsinfo drives query user net […]
Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading to the download of information stealers. The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers. Overview Threat actors often target […]
- 1
- 2