BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically…
Author: Cybernoz
Source code for BlackLotus Windows UEFI malware leaked on GitHub
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise,…
One month after MOVEit: New vulnerabilities found as more victims are named
Although much of the initial panic surrounding the late-May breach of Progress Software’s MOVEit file transfer tool has subsided, Clop – the ransomware operation behind…
[tl;dr sec] #190 – Securely Build on AI, CISA Pen Test repo, Joining Google’s Red Team
I hope you’ve been doing well! 🏋️ Our Gym If you’ve been wanting to improve your fitness but haven’t been sure where to start, I…
Popular WordPress Security Plugin Caught Logging Plaintext Passwords
The All-In-One Security (AIOS) WordPress plugin was found to be logging plaintext passwords from login attempts. Installed on more than one million WordPress sites, the…
Malicious Chrome Extensions Steals Businesses Ads Manager
Cybercriminals are using malicious Chrome extensions to steal Facebook login information in a recent operation. The reports shared by Malwarebytes Labs also stated that sponsored…
Civil society groups call on EU to put human rights at centre of AI Act
Human Rights Watch and 149 other civil society organisaitons are urging European Union (EU) institutions to enhance the protections for people’s fundamental rights in its…
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
Three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at…
Armis and Honeywell vulnerability disclosure
Today, Armis and Honeywell have jointly disclosed Crit.IX, 9 new vulnerabilities that Armis researchers found in the Honeywell Experion® DCS platforms (7 of which are…
Apple WebKit Zero-Day Patch Re-Released to Fix Broken Webpages
Apple zero-day vulnerability has been identified that was actively exploited by the threat actors in the wild to break the browsing on some websites and…
White House publishes National Cybersecurity Strategy Implementation Plan
The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:…
Microsoft Zero-Day Vulnerability Exploited For Espionage
A zero-day vulnerability in Microsoft was found being exploited for cyber espionage. CVE-2023-36884 was marked as important for its severity as it could result in…