Lifeboat Foundation

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.

The malware was spotted by researchers at Proofpoint and Team Cymru, who worked together to document its capabilities, which are still unstable and experimental.

IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan designed to steal financial information from infected computers. Over time, it became more sophisticated, adding evasion and command execution capabilities.

Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.

Newly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.

HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead.

The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.

The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.

Microsoft believes that last May’s Exchange Online hack is linked to a threat actor known as ‘Storm-0558’ stealing an Azure signing key from an engineer’s laptop that was previously compromised by the hackers at an acquired company.

Storm-0558 is a cyberespionage actor affiliated with China that has been active for more than two decades targeting a wide range of organizations.

A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.

LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms.

Researcher AmrAwad discovered the critical (CVSS score: 9.8) flaw, tracked as CVE-2024–2879, on March 25, 2024, and reported it to WordPress security firm Wordfence via its bug bounty program. For his responsible reporting, AmrAwad received a bounty of $5,500.

Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.

Tracked as CVE-2024–3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.

Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.

The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023–35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.

These credentials are used to authenticate as the compromised Windows user in pass-the-hash attacks, to gain access to sensitive data or spread laterally on their network.

Does Google’s app really need to constantly reset all Windows network interfaces?

Companies are trying to make the “AI PC” happen with new silicon and software.