Security News

The GrapheneOS team behind the privacy and security-focused Android-based operating system with the same name is suggesting that Android should introduce an auto-reboot feature to make exploitation of firmware flaws more difficult. The project revealed that it recently reported firmware vulnerabilities in the Android operating system that impact Google Pixel and Samsung Galaxy phones, which could be exploited to steal data and spy on users when the device is not at rest.

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak. That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a.cpl file, which is a Windows control panel item.

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list. Without specifically identifying the gang, researcher Kevin Beaumont said that at least one ransomware group has a working exploit for the critical vulnerability, which can potentially achieve remote code execution although the US Cybersecurity and Infrastructure Security Agency said its use in ransomware campaigns is currently "Unknown."

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. Ivanti believes fewer than ten victims have been successfully attacked thus far, but according to a Shodan scan by Beaumont, the number of vulnerable gateways exposed to the internet is just north of 15,000.

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity...

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.

Kaspersky researchers are detailing "An attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky." It's a zero-click exploit that makes use of four iPhone zero-days. It uses return/jump oriented programming and multiple stages written in the NSExpression/NSPredicate query language, patching the JavaScriptCore library environment to execute a privilege escalation exploit written in JavaScript.

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even...

Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for free.