Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 – Tempemail

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized Continue Reading

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence – Tempemail

A novel technique adopted by attackers finds ways to use Microsoft’s Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which Continue Reading

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers – Tempemail

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a “novel spreading technique via indiscriminate port scanning and exploitation of exposed Continue Reading

LodaRAT Windows Malware Now Also Targets Android Devices – Tempemail

A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker’s espionage motives. “The developers of LodaRAT have added Android as a targeted platform,” Cisco Talos researchers said in a Tuesday analysis. Continue Reading

Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs – Tempemail

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that’s known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities. The Continue Reading

Experts Detail A Recent Remotely Exploitable Windows Vulnerability – Tempemail

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a Continue Reading

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws – Tempemail

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Continue Reading

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug – Tempemail

Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of Continue Reading

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws – Tempemail

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated Continue Reading

Microsoft Releases Windows Security Updates For Critical Flaws – Tempemail

Microsoft formally released fixes for 87 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google’s security team last week. The rollout addresses a total of 112 vulnerabilities, 17 of which are rated critical, once again bringing the patch Continue Reading