05 Feb, 2025

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. The installer and extensions, which are usually undetected by antivirus tools, are designed to steal data and execute commands on infected devices. The campaign was discovered by […]

6 mins read

Microsoft discloses unpatched Office flaw that exposes NTLM hashes

Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and […]

4 mins read

New AMD SinkClose flaw helps install nearly undetectable malware

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. Ring -2 is one of the highest privilege levels on a computer, running […]

3 mins read

Good Security Tips For Protecting Your Laptop from Theft

Protecting your laptop from theft is important. Strong passwords, encrypted data, and never leaving your laptop unattended in public are key. Use physical security measures, software protection, and stay vigilant to reduce the risk of theft. Prevention is key, so take simple steps like using a laptop lock in public, installing tracking software, and backing […]

8 mins read

CSC ServiceWorks discloses data breach after 2023 cyberattack

CSC ServiceWorks, a leading provider of commercial laundry services and air vending solutions, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. The company discovered the incident on February 4, 2024, after detecting unusual activity on its network. Subsequently, external cybersecurity experts hired […]

2 mins read

Russia blocks Signal for ‘violating’ anti-terrorism laws

Russia’s telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation. “User access to the messenger Signal is restricted due to violations of the requirements of the Russian legislation whose fulfillment is necessary to prevent the use of the messenger for […]

2 mins read

US dismantles laptop farm used by undercover North Korean IT workers

The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. Matthew Isaac Knoot, 38, helped North Koreans use a stolen identity to pose as Andrew M., a U.S. citizen, […]

3 mins read

Cisco warns of critical RCE zero-days in IP phones

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and […]

2 mins read

CISA warns about actively exploited Apache OFBiz RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and […]

2 mins read

Exploit released for Cisco SSM bug allowing admin password changes

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses on an organization’s environment using a dedicated dashboard […]

2 mins read