15 Nov, 2024

Critical Progress WhatsUp RCE flaw now under active exploitation

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are […]

3 mins read

Microsoft 365 anti-phishing feature can be bypassed with CSS

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who discovered […]

3 mins read

INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL says this is the largest recovery of funds stolen through a business email compromise (BEC) scam. BEC scams are a type of cyberattack in which cybercriminals attempt to redirect legitimate corporate payments to an […]

2 mins read

Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new ‘Important Scenario Vulnerability Program (ISVP)’ focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. Highlighted payouts […]

2 mins read

New LianSpy malware hides by blocking Android security feature

A previously undocumented Android malware named ‘LianSpy’ has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. Analysis shows that LianSpy has been actively targeting Android users since July 2021, but its extensive stealth capabilities helped it remain undetected for over three years. Kaspersky researchers […]

4 mins read

Intel Will Provide 2-Year Extended Warranty on OEMs & Tray 14th/13th Gen CPUs Too

Intel recently extended the warranty of its boxed 14th & 13th Gen CPUs by 2 years, but we have just learned that it will also add OEM & Tray CPUs to the list. Intel Won’t Limit 2-Year Warranty Extension To Just Boxed 14th & 13th Gen CPUs, Also Coming To OEMs & Tray Chips […]

4 mins read

Gaming mini-PC looks like a laptop without a screen — AtomMan G7 Ti packs Core i9-14900HX CPU, RTX 4070 Mobile GPU, and up to 96GB RAM

This week, Minisforum launched another AtomMan-branded mini-PC for pre-orders: the AtomMan G7 Ti and its G7 Ti SE counterpart. This mini-PC is so slim that it has also been compared to a laptop without a screen. Internally, the machine has the mobile versions of Intel’s 14th Generation Core i9-14900HX or Core i7-14650HX CPUs and an RTX 4070 […]

2 mins read

Valve is working on Project White Sands; everybody thinks it’s Half-Life 3

The latest round of Half-Life 3 rumors seems to have started with a voice actor spilling the beans accidentally, followed by corroboration via data mining. However, it actually was the other way around, so we’ll start chronologically. According to data miner Tyler McVicker, work on the next Half-Life game started just after the release of […]

5 mins read

Google fixes Android kernel zero-day exploited in targeted attacks

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel’s network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections. Google says that “there […]

2 mins read

Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. The malware helps Hunters International achieve initial infection, elevate their privileges on compromised systems, execute PowerShell commands, and eventually deploy the ransomware payload. Quorum Cyber researchers who discovered the new malware report that it […]

2 mins read