Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Dec 05, 2023NewsroomEmail Security / Vulnerability Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims’ accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely […]

Continue Reading

Uber shares pop as company is slated to join S&P 500

Uber CEO, Dara Khosrowshahi speaks during the “Intentional Equity in Sustainability” conversation at the Asia-Pacific Economic Cooperation (APEC) Leaders’ Week in San Francisco, California, on November 15, 2023. Andrew Caballero-Reynolds | AFP | Getty Images Shares of Uber rose more than 5% on Monday after S&P Dow Jones Indices announced Friday that the ride-hailing company […]

Continue Reading

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

Dec 04, 2023NewsroomEncryption / Technology New research has unearthed multiple novel attacks that break Bluetooth Classic’s forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and […]

Continue Reading

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

Dec 04, 2023NewsroomMalware / Botnet Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach. “It’s highly likely that by targeting MIPS, […]

Continue Reading

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

Dec 04, 2023NewsroomTechnology / Firmware Security The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by threat actors to deliver a malicious payload […]

Continue Reading

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Dec 04, 2023NewsroomRansomware / Cyber Attack Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to “hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware,” the Microsoft Threat Intelligence team […]

Continue Reading