Security News

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
2020-04-01 21:07

A new Windows malware has emerged that makes disks unusable by overwriting the master boot record. Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that caused widespread, global financial damage.

SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems
2020-04-01 09:09

Researchers have published proof-of-concept exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation. The critical flaw, described as "wormable" and related to the way SMB 3.1.1 handles certain requests, affects Windows 10 and Windows Server versions 1903 and 1909.

Week in review: Python backdoor attacks, Windows zero-days under attack, crowdsourced pentesting
2020-03-29 09:45

Windows users under attack via two new RCE zero-days: Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems.

Widely available ICS attack tools lower the barrier for attackers: The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.

Russian Hackers Exploited Windows Flaws in Attacks on European Firms
2020-03-27 16:54

Financially motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited. According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 and Silence - the company previously found links between the two groups - targeted at least two pharmaceutical and manufacturing companies in Belgium and Germany in late January.

Micropatches block exploitation of Windows zero-days under attack
2020-03-27 14:07

While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in "limited targeted Windows 7 based attacks," ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws. In a blog post published on Thursday, ACROS Security CEO Mitja Kolsek explained which attack vectors can be used to exploit the vulnerabilities and why Windows 10 users are at a lower risk of attack.

Unofficial Patches Released for Exploited Windows Font Processing Flaws
2020-03-27 11:15

ACROS Security's 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes. Hackers can exploit the flaws by convincing users to open specially crafted documents or view them in the Windows preview pane.

Windows has a zero-day that won’t be patched for weeks
2020-03-25 13:03

The remote code execution vulnerabilities affect Adobe Type Manager Library, the part of Windows that manages PostScript Type 1 fonts. Importantly, the same danger would arise even if users viewed that document using the Windows File Explorer file manager preview features.

Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters... and something weird called iTunes for Windows
2020-03-25 06:57

Apple has emitted a bundle of security fixes ranging across its product lines. For the flagship iOS, the 13.4 update includes fixes for 30 security holes.

Adobe debuts disk-cleaning tool cleverly disguised as an arbitrary file deletion bug in Creative Cloud on Windows
2020-03-24 19:25

Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client. "Successful exploitation could lead to arbitrary File Deletion in the context of the current user," Adobe said in its bulletin today.

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
2020-03-23 20:27

Hackers are commandeering victims' Windows PCs by exploiting at least one remote-code-execution flaw in the Adobe Type Manager Library included with the Microsoft operating system. Redmond today warned of two flaws, not yet assigned CVE numbers, present in the font parser - and at least one has been exploited in a "limited number of attacks" to hijack vulnerable computers.