The ESET discovery is the second real-world UEFI bootkit to be publicly documented in recent weeks, following Kaspersky’s report on a new Windows UEFI bootloader fitted into the FinSpy surveillance spyware product. According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass…

This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year. “Apple is aware of reports that an exploit for this issue exists in the wild,” the company said without elaborating. No other details or IOCs (indicators of compromise) were provided. The Cupertino, Calif. software…

Microsoft’s guidance was published just as researchers noticed that one of the vulnerabilities is already being exploited in the wild. It appears that the Mirai botnet is attempting to compromise vulnerable systems and that it also closes port 5896 (OMI SSL port) to keep other attackers out. An open-source Web-Based Enterprise Management (WBEM) implementation, OMI…

An attacker could exploit the vulnerability – tracked as CVE-2021-40346 (CVSS score of 8.6) – to bypass duplicate HTTP Content-Length header checks. Thus, the attacker could smuggle HTTP requests to the backend server without the proxy server noticing it, or launch a response-splitting attack. “Our analysis confirmed that the duplication is achieved by making use…

The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned…

U.S.-based education institutions continue to grapple with major challenges brought by the pandemic: the largest enrollment decline seen in a decade, swirling controversy over reopening physical classrooms, outmoded IT infrastructure that’s sagging under the pressure of digital teaching and learning, and near-crippling financial constraints. As the new school year begins, cyber attackers are expected to…

Abnormal Security released a report which examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organizations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods; manufacturing; technology; energy and infrastructure services; medical; media and television; finance; and…

Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime that occurs during the incident, the post-breach costs can be significant. These costs can include everything from the time and resources it takes to detect how the compromise occurred and remediate the actual threat to…