Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title ‘Windows NTFS Denial of Service Vulnerability.’
Nato holds Locked Shields 2021 – cyber war games with hackers targeting fictional island nation. The drills involving 30 countries are meant to test Nato’s defences during a global pandemic that is making the world more dependent on virtual systems. Hackers targeted vaccine developers during the Covid-19 crisis and the US government was the target of a major cyber attack, which was discovered last year.
A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S.
Security researchers from Intel 471 told about EtterSilent, a flexible malicious document builder used by hackers to implement their criminal schemes. First advertised on a well-known Russian cybercrime forum, the seller offered two types of weaponized Microsoft Office documents (maldocs) to users: one that exploits a known vulnerability in Microsoft Office (CVE-2017-8570) and another that uses a malicious macro.
Microsoft Exchange Server attacks: a significant number of cyberattacks targeting vulnerable Microsoft Exchange servers are attempted every single day, warn researchers at F-Secure – who say it is critical to apply the patches immediately.
Popular npm library netmask has a critical networking vulnerability. Netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime.
Cornell University specialists have introduced the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. They demonstrated our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.
PingSafe AI, a security company that monitors multiple breaches in real-time, has uncovered a critical vulnerability in the iPhone automatic call recorder application that exposed thousands of users’ recorded calls. The Call Recorder app-enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number.
Masslogger Trojan reinvented in quest to steal Outlook, Chrome credentials. The operators have also been linked to the use of AgentTesla, Formbook, and AsyncRAT. Cybersecurity researchers from Cisco Talos said the campaign is currently focused on victims in Turkey, Latvia, and Italy, expanding activities documented in late 2020 which targeted users in Spain, Bulgaria, Lithuania, Hungary, Estonia, and Romania.
The GreatHorn Threat Intelligence Team has identified a new email attack trend, where cybercriminals are able to bypass traditional URL defenses to attack end users. The URLs are malformed, not utilizing the normal URL protocols, such as http:// or https://. Instead, they use http:/\ in their URL prefix.
