Security News

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack
2024-03-14 04:57

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users...

AnyCubic fixes exploited 3D printer zero day flaw with new firmware
2024-03-07 16:10

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. At the end of February, AnyCubic printer users began reporting that their Kobra 3D printers were hacked with a print job that warned their devices were vulnerable to a critical vulnerability.

Apple's trademark tight lips extend to new iPhone, iPad zero-days
2024-03-06 17:01

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
2024-03-06 09:34

Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild. "Additional CVE entries [are] coming soon," Apple noted for both updates.

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
2024-03-06 05:54

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below -...

Apple fixes two new iOS zero-days exploited in attacks on iPhones
2024-03-05 21:34

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. The company says it addressed the security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 with improved input validation.

Windows Kernel bug fixed last month exploited as zero-day since August
2024-03-02 15:09

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
2024-02-29 11:19

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on...

Lazarus hackers exploited Windows zero-day to gain Kernel privileges
2024-02-28 17:24

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques. Avast reports that Lazarus exploited CVE-2024-21338 to create a read/write kernel primitive in an updated version of its FudModule rootkit, which ESET first documented in late 2022.

Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days
2024-02-18 09:00

The future of cybersecurity: Anticipating changes with data analytics and automationIn this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. Rise in cyberwarfare tactics fueled by geopolitical tensionsIn this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.