Cybersecurity

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

Apr 04, 2024NewsroomNetwork Security / Vulnerability Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti […]

Cybersecurity

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Apr 03, 2024NewsroomMobile Security / Zero Day Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware […]

Cybersecurity

Missouri county declares state of emergency amid suspected ransomware attack

Enlarge / Downtown Kansas City, Missouri, which is part of Jackson County. Eric Rogers Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. “Jackson County has identified significant disruptions within […]

Cybersecurity

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

Highly sensitive files mysteriously disappeared from EUROPOL headquarters Pierluigi Paganini April 03, 2024 A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files of top law enforcement officials, including […]

Cybersecurity

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Apr 03, 2024NewsroomBrowser Security / Session Hijacking Google on Tuesday said it’s piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against “some” Google Account users running Chrome Beta – is built with an aim to make […]

Cybersecurity

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

First cc.bat for reconnaissance Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed in the remote machine. Based on our telemetry, this batch file launches commands to gather system information. Among the commands executed are: powershell.exe  -command “Get-NetAdapter |select InterfaceGuid” arp  -a ipconfig  /all fsutil  fsinfo drives query  user net  […]

Cybersecurity

Threat Actors Deliver Malware via YouTube Video Game Cracks  | Proofpoint US

Key takeaways  Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content.  The video descriptions include links leading to the download of information stealers.  The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers.  Overview  Threat actors often target […]

  • 1
  • 2