Tag: windows
-
Lazarus Hackers Exploits macOS Extended Attributes To Evade Detection
in SecurityNews
The xattr command in Unix-like systems allows for the embedding of hidden metadata within files, similar to Windows ADS, known as Rustyattr, which is being exploited by threat actors like Lazarus Group to stealthily conceal malicious payloads within seemingly benign files. The Lazarus Group is covertly embedding malicious data within system files using xattr, a…
-
Microsoft Finally Releases Recall as Part of Windows Insider Preview
in SecurityNews
The preview version now includes multiple security-focused additions Microsoft had promised to include, such as SecureBoot, BitLocker, and Windows Hello. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/microsoft-releases-recall-windows-insider-preview
-
No Click Needed: Russian Hackers Attack Windows Users via Firefox
in SecurityNews
Merely visiting a specially crafted web page is enough for a successful attack. Germany is among the top target regions. First seen on golem.de Jump to article: www.golem.de/news/kein-klick-noetig-russische-hacker-attackieren-windows-nutzer-via-firefox-2411-191188.html
-
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
in SecurityNews
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows Task Scheduler. These vulnerabilities, identified as CVE-2024-9680 and CVE-2024-49039, were chained together to allow the group to execute arbitrary code and install malicious backdoors on…
-
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows
in SecurityNews
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/romcom-apt-zeroday-flaws-firefox/
-
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery. The post Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-apt-chained-firefox-and-windows-zero-days-against-us-and-european-targets/
-
Hotpatching Is Also Coming to Windows 11
in SecurityNews
Windows 11 will also get to enjoy restart-free updates. Microsoft is starting a trial run for managed Windows 11 24H2 Enterprise. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-Hotpatching-kommt-auch-in-Windows-11-10177968.html
-
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) Windows (CVE-2024-49039) with No User Interaction
in SecurityNews
Tags: attack, browser, cybersecurity, exploit, microsoft, russia, threat, vulnerability, windows, zero-day
In a recent cybersecurity report, ESET researchers have unveiled a coordinated attack by the Russia-aligned threat actor RomCom, exploiting zero-day vulnerabilities in both Mozilla Firefox and Microsoft Windows. These vulnerabilities, previously... First seen on securityonline.info Jump to article: securityonline.info/romcom-exploits-zero-days-in-firefox-cve-2024-9680-windows-cve-2024-49039-with-no-user-interaction/
-
Russian Hackers Target Mozilla, Windows in New Exploit Chain
in SecurityNews
ESET Discovers Two Major Vulnerabilities Exploited by Russian RomCom Hacking Group. Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset. Exploiting the two flaws together enables attackers to execute arbitrary code. First seen on govinfosecurity.com Jump…
-
‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
in SecurityNews
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/romcom-apt-zero-day-zero-click-browser-escapes-firefox-tor
-
Russian hackers exploit Firefox, Windows zero-days in wild
in SecurityNews
RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers. First seen on Jump to article: /www.techtarget.com/searchsecurity/news/366616460/Russian-hackers-exploit-Firefox-Windows-zero-days-in-wild
-
Russia-linked hackers exploited Firefox and Windows bugs in ‘widespread’ hacking campaign
in SecurityNews
The Russia-aligned RomCom gang exploited the vulnerabilities to target hundreds of Firefox users across Europe and North America. First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/
-
RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks
in SecurityNews
In a new wave of cyberattacks, the Russia-aligned hacking group “RomCom” … The compromise chain is composed of a […] The post RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/romcom-hackers-exploits-windows-firefox-zero-day/
-
Bing Wallpaper app, now in Windows Store, accused of cookie shenanigans
in SecurityNews
Microsoft free tool snooping on users? Surely not! First seen on theregister.com Jump to article: www.theregister.com/2024/11/26/bing_wallpaper_app/
-
Firefox and Windows zero-days exploited by Russian RomCom hackers
in SecurityNews
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/
-
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
in SecurityNews
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. “In a successful attack, if a victim browses a web page containing the exploit, an…
-
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
in SecurityNews
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
-
Windows Themes zero-day bug exposes users to NTLM credential theft
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/30/zeroday_windows_themes/
-
LockBit Ransomware Prepares Attacks on Apple
in SecurityNews
Until now, users of Apple devices have had to worry far less about ransomware than Windows users. With a new variant of LockBi… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/lockbit-ransomware-bereitet-angriffe-auf-apple-vor
-
Mysterious Elephant Using Hajj-Themed Bait in Attacks
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage Goers. A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML…
-
New Windows 10 0x80073CFA fix requires installing WinAppSDK 3 times
in SecurityNews
Microsoft has shared a new method to fix a bug preventing app uninstalls or updates on Windows 10 for those unwilling to deploy this month’s preview update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-10-0x80073cfa-fix-requires-installing-winappsdk-3-times/
-
17 hottest IT security certs for higher pay today
in SecurityNews
Tags: access, ai, attack, automation, blockchain, business, ceo, cisa, ciso, cloud, communications, conference, container, control, credentials, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, fortinet, google, governance, group, guide, hacker, incident response, infosec, infrastructure, intelligence, Internet, jobs, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-management, skills, software, technology, threat, tool, training, windows
With the New Year on the horizon, many IT professionals may be looking to improve their careers in 2025 but need direction on the best way. The latest data from Foote Partners may provide helpful signposts. Analyzing more than 638 certifications as part of its 3Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners…
-
Act fast to snuff out employee curiosity over ‘free’ AI apps
in SecurityNews
The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible. Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
-
Weaponized pen testers are becoming a new hacker staple
in SecurityNews
Tags: access, attack, cloud, credentials, defense, google, hacker, iam, intelligence, linux, macOS, malicious, malware, microsoft, open-source, password, penetration-testing, RedTeam, software, strategy, threat, tool, vulnerability, windows
Malicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two conventional penetration testing tools were weaponized to account for almost half of all malware activities in 2024. “The most…
-
Analysis: Microsoft Won’t Evict Security Vendors From The Windows Kernel Anytime Soon
in SecurityNews
Microsoft is taking steps to provide an alternative way for endpoint security vendors to operate in Windows following the massive July outage, but there are no signs this new option will become compulsory in the near future. First seen on crn.com Jump to article: www.crn.com/news/security/2024/analysis-microsoft-won-t-evict-security-vendors-from-the-windows-kernel-anytime-soon
-
November 2024 Patch Tuesday Fixes Actively Exploited Flaws (CVE-2024-49039)
in SecurityNews
In its November 2024 Patch Tuesday update, Microsoft addressed 90 security vulnerabilities, including two critical zero-day exploits currently being actively exploited in the wild (CVE-2024-49039 and CVE-2024-49039). This update also includes fixes for issues impacting Windows NT LAN Manager (NTLM)… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/november-2024-patch-tuesday-cve-2024-49039/
-
Microsoft blocks Windows 11 24H2 on some PCs with USB scanners
Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-11-24h2-on-some-pcs-with-usb-scanners/
-
Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform
in SecurityNews
By Philippe Laulheret
ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox escape: TALOS-2024-1964 (CVE-2024-38184), TALOS-2024-1965 (CVE-2024-38185) First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/finding-vulnerabilities-in-clipsp-the-driver-at-the-core-of-windows-client-license-platform/