File this away under "good news, bad news." The bad news is that there's a new, critical zero-day threat to be concerned about. The threat has been dubbed 'Follina.' It is being tracked as CVE-2022-30190 and is being described by Microsoft as an MSDT (Microsoft Windows Support Diagnostic Tool) remote code execution flaw that impacts all version of windows still...
Are you planning on setting up an Exchange server soon or are you running one now? If so, be aware that Microsoft is changing their guidance when it comes to the technology and specifically running a server on-premises. Two years ago, the Redmond giant announced that the next versions of their Skype for Business Server, Project Server, SharePoint Server, and...
Unless you're an IT Security Professional, you may never have heard of EnemyBot. It is a bit like the Frankenstein of malware threats, a botnet that has borrowed code from multiple different sources. While that's not terribly original, it does make it dangerous. The hackers behind the code are actively adding new exploits as newly disclosed critical vulnerabilities come to...
If you're deeply involved in IT security, you may already be familiar with the ERMAC Android banking trojan. If this is the first time you're hearing of it, be aware that the hackers who authored the malicious code have recently released ERMAC 2.0, which represents a significant upgrade in capabilities from the previous iteration. ERMAC's main purpose is to steal...
Are you one of the legions of users making use of the Screencastify Chrome extension? It's a fantastic Chrome extension that allows you to almost effortlessly create screencasts for a variety of purposes. Unfortunately, the web extension also suffers from a critical security vulnerability that allows attackers to take control of a user's webcam and steal recorded videos. The cross-site...
Are you a Google Chrome user? If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux. Of the 32 flaws addressed, eight are high-severity, nine are medium, seven...
Do you own a Chevrolet, Buick, GMC, or Cadillac? If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago. The attack exposed some customer information to the attackers and allowed them to redeem an undisclosed number of rewards points for gift cards. The company said that they...
Are you a Windows 11 early adopter? If so, you'll want to grab the latest update KB5014019. It contains several important bug fixes including fixes for Direct3D app crashing issues, slow file copying issues, and an issue with the TPM (Trusted Platform Module) driver. Some users have reported the TPM driver was dramatically increasing system startup time. In addition to...
A browser hijacker called "ChromeLoader" has had a large uptick in detections this month, which is raising eyebrows among security professionals. ChromeLoader can modify a victim's web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like. As malware goes, there are far worse...
HTML attachments as an attack vector may seem a little old school. However, according to statistics compiled by Kaspersky Lab indicates that in 2022, that form of attack is not just simply still being employed, but hackers are making surprisingly regular use of it. The security company detected more than two million emails of this kind targeting Kaspersky customers in...
