Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature […]
Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. The three issues are: The researchers pointed out that the surveillance firm included in its spyware the […]
Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows […]
Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server […]
VMware address three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges. VMware has released security updates to address three critical vulnerabilities impacting the Workspace ONE Assist product. Remote attackers can exploit the vulnerabilities to bypass authentication and elevate privileges to admin. Workspace ONE Assist allows […]
Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. The company addressed the following three vulnerabilities: “Note that only appliances that are operating […]
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […]
Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack. Medibank is one of the […]
The U.S. Department of Justice condemned James Zhong, a hacker who stole 50,000 bitcoins from the Silk Road dark net marketplace. The US Department of Justice announced that a man from Georgia, James Zhong, has pleaded guilty to wire fraud after stealing more than 50,000 bitcoins from the Silk Road. Zhong pled guilty to money […]
Threats actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. The […]