Security News

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
2023-09-30 04:14

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of...

The Week in Ransomware - September 29th 2023 - Dark Angels
2023-09-29 21:50

This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. Kettering logistics firm enters administration with 730 jobs lost September 27th 2023 Building automation giant Johnson Controls hit by ransomware attack.

Friday Squid Blogging: Protecting Cephalopods in Medical Research
2023-09-29 21:07

Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health asked for feedback on proposed guidelines that, for the first time in the United States, would require research projects involving cephalopods to be approved by an ethics board before receiving federal funding.

Microsoft Bing Chat pushes malware via bad ads
2023-09-29 20:54

Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs. Security outfit Malwarebytes said on Thursday it has identified malvertising - harmful ads - distributed via Bing Chat conversations.

Millions of Exim mail servers exposed to zero-day RCE attacks
2023-09-29 20:11

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

PhD student guilty of 3D-printing 'kamikaze' drone for Islamic State terrorists
2023-09-29 19:31

A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer. The prosecution said he had designed the single-use, video-transmitting "Kamikaze" drone "Somewhat inspired by the design of the Tomahawk missile," and used a 3D printer to build the wings.

Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack
2023-09-29 19:12

Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code.

Exploit released for Microsoft SharePoint Server auth bypass flaw
2023-09-29 18:06

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Janggggg successfully achieved RCE on a Microsoft SharePoint Server using this exploit chain during the March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar
2023-09-29 16:43

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of...

ShinyHunters member pleads guilty to $6 million in data theft damages
2023-09-29 14:59

Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. "After Raoult and his co-conspirators hacked companies, a user going by the name ShinyHunters posted hacked data from many of those companies for sale on dark web forums, including RaidForums, EmpireMarket, and Exploit."