Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
Microsoft’s October 2022 Patch Tuesday includes security updates that fix well over 80 vulnerabilities in more than 50 different parts of its product range – but the ProxyNotShell flaws in Exchange Server that were reported last month are not on the list. Key vulnerabilities patched include CVE-2022-41033, a zero-day flaw in the Windows COM+ Event…
Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): https://registry.npmjs.org/@<scope_name>/<secret_package_name> A malicious…
A series of distributed denial of service (DDoS) attacks today briefly took down the websites of over a dozen U.S. airports, including those for Atlanta and Los Angeles International Airports. The attacks followed a recent Telegram post by the pro-Kremlin hacker group Killnet listing 46 websites to be targeted. Still, as NBC News noted, some…
DCSO CyTec researchers Johann Aydinbas and Axel Wauer are warning of new backdoor malware they’re calling “Maggie,” which targets Microsoft SQL servers. Maggie, the researchers say, has already affected at least 285 servers in 42 countries, with a particular focus on South Korea, India, Vietnam, China, and Taiwan. The malware offers a wide range of…
After Microsoft published guidance on mitigating the two remote code execution flaws uncovered last week by Vietnamese security firm GTSC, it seems the mitigations Microsoft suggested weren’t as effective as the company had hoped. Over the weekend, Vietnamese security researcher Jang warned, “The URL pattern to detect/prevent the Exchange 0day provided in MSRC’s blog post…
Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative, which verified two flaws on September 8 and 9: ZDI-CAN-18333…
Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago. Perhaps more troubling is that the…
During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware to encrypt files only partially. The features…