Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code. The security issue is also…
Month: September 2023
A One-Two Punch for Security ROI
Traditionally, as an industry, we rely heavily on metrics like the cost of a data breach as a tool to discuss return on investment (ROI).…
Manchester Police officers’ data exposed in ransomware attack
United Kingdom’s Greater Manchester Police (GMP) said earlier today that some of its employees’ personal information was impacted by a ransomware attack that hit a…
Two Ransomware Attack Stories currently trending on Google
In a recent development, Greater Manchester Police (GMP) officers have fallen victim to a highly sophisticated cyberattack. This attack targeted a technology provider and resulted…
Attackers hit software firm Retool to get to crypto companies and assets
Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over…
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
Sep 14, 2023THNEndpoint Security / Vulnerability A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that…
[tl;dr sec] #199 – Supply Chain Security Overview, Container Escapes, AI + Cybersecurity
I hope you’ve been doing well! I’ve got a few exciting announcements this week. Come join my buds Tanya Janca and Leif Dreizler for a…
Data on over 3,000 Airbus suppliers leaked after breach
A threat actor and alleged ransomware operator going by the alias USDoD has leaked data on over 3,000 suppliers of aviation giant Airbus after supposedly…
ICS Computers in Western Countries See Increasing Attacks: Report
Industrial control system (ICS) computers in the Western world have been increasingly attacked, but the percentages are still smaller compared to other parts of the…
Fake Cisco Webex Google Ads abuse tracking templates to push malware
Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the…
Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years
Sep 14, 2023THNSupply Chain / Malware A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than…
Kubernetes Vulnerability Leads to Remote Code Execution
A high-severity vulnerability in Kubernetes can be exploited to achieve remote code execution (RCE) on all Windows endpoints within the cluster, Akamai’s security researchers warn.…