Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will soon include the main…
Category: Bleeping Computer
Fake FlipperZero sites promise free devices after completing offer
A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites. Flipper…
Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. Tracked as CVE-2023-35082, the flaw is…
Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia’s Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in…
Over 640 Citrix servers backdoored with web shells in ongoing attacks
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution…
New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called ‘Collide+Power’ was discovered, impacting almost all CPUs and potentially allowing data to leak. However, the researchers warn that…
Outage causing connection errors, blurry images
Slack is investigating an ongoing incident preventing users from accessing the instant messaging platform and making shared images blurry for those already logged in. Users…
Amazon’s AWS SSM agent can be used as post-exploitation RAT malware
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform’s System Manager (SSM) agent as an…
Hackers exploited Salesforce zero-day in Facebook phishing attack
Hackers exploited a zero-day vulnerability in Salesforce’s email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts. The attackers chained…
Why Every Security Practitioner Should Attend mWISE
What’s in store for mWISE 2023? 80+ curated sessions. 90+ hand-picked speakers. 7 session tracks. All the hottest topics in security. It’s taking place September…
Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of…
Hackers use new malware to breach air-gapped devices in Eastern Europe
Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems typically fulfill critical roles and…