Security News

18-year-old security flaw in Firefox and Chrome exploited in attacks

2024-08-08 16:28

A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local...

#attack #chrome #firefox #security

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

2024-08-08 10:05

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The second vulnerability also concerns a case of privilege escalation in Windows systems that support VBS, effectively allowing an adversary to replace current versions of Windows system files with outdated versions.

#attack #systems #vulnerabilities #windows #CVE-2024-21302

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

2024-08-08 09:53

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process.

#attack #vulnerabilities #windows #zeroday

Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now

2024-08-08 05:13

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885, an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

#attack #critical #patch #security #CVE-2024-4883 #CVE-2024-4884 #CVE-2024-4885

SEC ends probe into MOVEit attacks impacting 95 million people

2024-08-07 22:35

The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. [...]

#attack #moveit #SEC

New CMoon USB worm targets Russians in data theft attacks

2024-08-07 21:23

A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...]

#attack #russian #USB #worm

Windows Update downgrade attack "unpatches" fully-updated systems

2024-08-07 20:24

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old...

#attack #systems #update #windows

McLaren hospitals disruption linked to INC ransomware attack

2024-08-07 18:48

On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. [...]

#attack #hospital #mclaren #ransomware

UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack

2024-08-07 08:26

The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million for failings that led to a 2022 ransomware attack. Advanced pulled its systems offline on August 4, 2022, in an incident that was eventually attributed to LockBit, back in its heydey which has thankfully now ended.

#attack #ransomware #UK #vendor

INTERPOL recovers over $40 million stolen in a BEC attack

2024-08-06 18:38

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. [...]

#attack

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News