Cybersecurity

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

Mar 27, 2024NewsroomVulnerability / API Security A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users’ systems and carry out malicious actions. “This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions […]

Cybersecurity

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Mar 14, 2024NewsroomContainer Security / Vulnerability Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher […]

Cybersecurity

Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability

Feb 23, 2024NewsroomData Privacy / iOS Security Details have emerged about a now-patched high-severity security flaw in Apple’s Shortcuts app that could permit a shortcut to access sensitive information on the device without users’ consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of […]

Cybersecurity

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Jan 29, 2024NewsroomVulnerability / NTML Security A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates […]

Cybersecurity

Windows SmartScreen Bug Abused to Deploy Phemedrone Stealer | Cyware Hacker News

Trend Micro discovered a new attack campaign exploiting the now-patched security bypass bug (CVE-2023-36035) in Windows SmartScreen to spread a new strain of the Phemedrone Stealer. The malware targets cryptocurrency wallets and messaging apps, including Telegram, Steam, and Discord.  Diving into details The Phemedrone Stealer infection begins with the attacker placing a set of malicious […]

Cybersecurity

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Jan 16, 2024NewsroomCryptocurrency / Windows Security Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon […]

Cybersecurity

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Dec 18, 2023NewsroomEmail Security / Vulnerability Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. “An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote […]

Cybersecurity

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

Sep 13, 2023THNVulnerability / Data Security More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. “The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of […]