Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown...
Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal
The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.
Source: Threadpost
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
Source: Threadpost
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.
Source: Threadpost
Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.
Source: Threadpost
Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
Source: Threadpost
Samsung Quietly Fixed Critical Galaxy Flaws Allowing Spying, Data Wiping
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or...
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
Source: Threadpost
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.
Source: Threadpost
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Source: Threadpost