Microsoft, FireEye Link New Go-based Sunshuttle Malware to SolarWinds Attack

Microsoft, which is now tracking this hacker group as Nobelium, said it discovered three new samples of malware apparently active in some compromised customer networks between August and September 2020.

Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability

The flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker to cause a DoS condition by sending specially crafted Ethernet frames.

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

The vulnerability makes it possible to launch a brute-force attack to guess the seven-digit security code that is sent via email or SMS as a method of verification to reset the password.

Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks

Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot.

Windows DNS SIGRed bug gets first public RCE PoC exploit

The flaw was classified by Microsoft as wormable, indicating that malware exploiting it might be able to spread automatically between vulnerable machines on the network with no user interaction.

VMware Patches Remote Code Execution Vulnerability in View Planner

With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely. The bug features a CVSS score of 8.6.

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

The mobile application called WiFi Mouse has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux, who found the flaw.

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)

Security researcher Alexander Popov has discovered and fixed five similar issues, tracked together as CVE-2021-26708, in the virtual socket implementation of the Linux kernel.

GRUB2 boot loader reveals multiple high severity vulnerabilities

Flaws like these in boot loaders allow circumvention of UEFI Secure Boot, a verification mechanism for ensuring that code executed by a computer's UEFI firmware is trusted and not malicious.

Hackers Using Tricky SEO Technique to Deliver Malware Payloads

Gootloader appears to have expanded its payloads further as it now uses SEO poisoning to deliver an array of malware payloads against users in South Korea, Germany, France, and the U.S.
