Security News

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
2024-03-21 07:07

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files
2024-03-21 05:30

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. Rapid7 isn't sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help files along with ISO, VHD, ZIP and RAR files.

New Windows Server updates cause domain controller crashes, reboots
2024-03-20 20:40

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.

Microsoft announces deprecation of 1024-bit RSA keys in Windows
2024-03-18 19:51

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor.

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
2024-03-18 17:56

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which...

Microsoft again bothers Chrome users with Bing popup ads in Windows
2024-03-17 17:08

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. The unsolicited ads are believed to be shown when users have Google Chrome open and configured to use Google as the default search engine.

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
2024-03-14 11:59

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific...

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage
2024-03-14 10:23

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The...

Windows 11 gets single Teams app for work and personal accounts
2024-03-13 21:56

Microsoft will soon provide a single Teams Windows and macOS app for all account types, allowing users to switch between work, school, or personal profiles with just a couple of mouse clicks. A preview version is already gradually rolling out to Windows Insiders in the Canary and Dev channels using Microsoft Teams version 24057.

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
2024-03-13 21:26

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. The flaw tracked as CVE-2024-21412 is a Windows Defender SmartScreen flaw that allows specially crafted downloaded files to bypass these security warnings.