Security News > 2020 > March > Week in review: Python backdoor attacks, Windows zero-days under attack, crowdsourced pentesting
Windows users under attack via two new RCE zero-daysAttackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems.
Widely available ICS attack tools lower the barrier for attackersThe general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.
Python backdoor attacks and how to prevent themPython backdoor attacks are increasingly common.
Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region.
Crowdsourced pentesting is not without its issuesCrowdsourced security isn't new anymore, having existed in one form or another as a consumable enterprise service since 2013 with the launch of the main crowdsourced platforms.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/3rxzDN8M32o/
Related news
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)