Security News

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine. Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub.

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer that North Korean hackers are believed to have exploited in a campaign targeting security researchers. South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.

The statement coincided with Accellion's own public acknowledgment that an ongoing vulnerability in FTA eventually led to an information compromise with Singtel and other customer systems. "The Accellion file transfer product used by Singtel is 20 years old, and continues to be used by many organizations in the financial, governmental and commercial sector to transfer large files, despite Accellion's offering of newer and more secure file-sharing solutions," Chloé Messdaghi, chief strategist, Point3 Security, said via email.

An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. An MHT file, or MIME HTML, is a special file format used by Internet Explorer to store a web page and its resources in a single archive file.

An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. An MHT file, or MIME HTML, is a special file format used by Internet Explorer to store a web page and its resources in a single archive file.

We delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. With today's update, Microsoft has fixed for 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important.

The more complex a system and the more predictable the response in general the more fragile it is to unintended input or exceptions at it's outputs. The undeniable issue is humans realy "Learn by doing" or more politely "Experience".