Windows Update downgrade attack “unpatches” fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk, […]
macOS Sequoia brings better Gatekeeper, stalkerware protections
Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. Gatekeeper is a security feature that checks all apps downloaded from the Internet to see if they’re developer-signed (approved by Apple) and notarized by checking an extended attribute named com.apple.quarantine that is […]
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are […]
Microsoft 365 anti-phishing feature can be bypassed with CSS
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who discovered […]
INTERPOL recovers over $40 million stolen in a BEC attack
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL says this is the largest recovery of funds stolen through a business email compromise (BEC) scam. BEC scams are a type of cyberattack in which cybercriminals attempt to redirect legitimate corporate payments to an […]
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new ‘Important Scenario Vulnerability Program (ISVP)’ program focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. Highlighted payouts […]
New LianSpy malware hides by blocking Android security feature
A previously undocumented Android malware named ‘LightSpy’ has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. Analysis shows that LianSpy has been actively targeting Android users since July 2021, but its extensive stealth capabilities helped it remain undetected for over three years. Kaspersky researchers […]
Intel Will Provide 2-Year Extended Warranty on OEMs & Tray 14th/13th Gen CPUs Too
Intel recently extended the warranty of its boxed 14th & 13th Gen CPUs by 2 years but we have just learned that they will also include OEMs & Tray CPUs to the list too. Intel Won’t Limit 2-Year Warranty Extension To Just Boxed 14th & 13th Gen CPUs, Also Coming To OEMs & Tray Chips […]
Gaming mini-PC looks like a laptop without a screen — AtomMan G7 Ti packs Core i9-14900HX CPU, RTX 4070 Mobile GPU, and up to 96GB RAM
This week, Minisforum launched another AtomMan-branded mini-PC for pre-orders: the AtomMan G7 Ti and its G7 Ti SE counterpart. This mini-PC is so slim that it has also been compared to a laptop without a screen. Internally, the machine has the mobile versions of Intel’s 14th Generation Core i9-14900HX or Core i7-14650HX CPUs and an RTX 4070 […]
Valve is working on Project White Sands; everybody thinks it’s Half-Life 3
The latest round of Half-Life 3 rumors seem to have started with a voice actor spilling the beans accidentally, followed by corroboration via data mining. However, it actually was the other way around, so we’ll start chronologically. According to data miner Tyler McVicker, work on the next Half-Life game started just after the release of […]