Security News > 2023 > September
Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code.
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Janggggg successfully achieved RCE on a Microsoft SharePoint Server using this exploit chain during the March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of...
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. "After Raoult and his co-conspirators hacked companies, a user going by the name ShinyHunters posted hacked data from many of those companies for sale on dark web forums, including RaidForums, EmpireMarket, and Exploit."
Windows operating systems are the target of new malware dubbed ZenRAT by U.S.-based cybersecurity company Proofpoint. The attackers built a website that impersonates the popular Bitwarden password manager; if accessed via Windows, the fake site delivers the ZenRAT malware disguised as Bitwarden software.
Norway has told the European Data Protection Board it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe. The Scandinavian country's Data Protection Authority, Datatilsynet, had been holding back Facebook parent Meta from scooping up data on its citizens with the threat of fines of one million Kroner per day if it didn't comply.
Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. Malwarebytes researchers tested Bing Chat with a simple query: "Download advanced IP scanner".
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. A spike in reports about users' inability to access Discord has also been recorded on Downdetector, with the issues starting around two hours ago based on the data provided there.
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor...
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping...