ITCurated, Author at Cyber Security Minute

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Malware & Threats

Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials

Issued by: Dark Reading

Threat actors are using messages sent from Dropbox to steal Microsoft user credentials in a fast-growing business email compromise (BEC) campaign. The effort evades natural language processing (NLP)-based security scans, and demonstrates the rapid evolution of these types of attacks. Researchers at Check Point Harmony observed more than 5,000 of the attacks — in which…

Malware & Threats

KillNet Claims DDoS Attack Against Royal Family Website

Issued by: Dark Reading

The official website of the UK royal family was subject to a distributed denial-of-service (DDoS) attack on the morning of Sunday, Oct. 1, thanks to pro-Russian hacktivists. The resulting downtime for royal.uk began around 10 a.m. BST, and only lasted for around 90 minutes. As of this writing, though, visitors to the site are still…

Network Security

Addressing AI and Security Challenges With Red Teams: A Google Perspective

Issued by: Dark Reading

In our digital world, the security landscape is in a constant state of flux. Advances in artificial intelligence (AI) will trigger a profound shift in this landscape, and we must be prepared to address the security challenges associated with new frontiers of AI innovation in a responsible way. At Google, we’re acutely aware of these…

Malware & Threats

Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

Issued by: The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an “evolved version” of another loader malware known as DoubleFinger. “The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.,” Kaspersky said in…

Malware & Threats

Breach Roundup: Johnson Controls Suffers Ransomware Attack

Issued by: DataBreach Today

Johnson Controls Suffers Ransomware Attack Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission. Bleeping Computer reports…

Vulnerabilities

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Issued by: SecurityWeek

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

Malware & Threats

Chinese Hackers Target Routers in IP Theft Campaign

Issued by: DataBreach Today

A Chinese hacking group linked to state authorities in Beijing has upgraded its espionage capabilities to target companies with headquarters in the United States and East Asia, warned an alert from Japanese and American cyber agencies. The latest campaign from BlackTech has targeted networks of regional subsidiaries across government, industrial, technology and defense industrial base…

Application Security

Microsoft Adds Passkeys to Windows 11

Issued by: Dark Reading

In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s passkeys will be available on…