RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Penetration Testing or Vulnerability Scanning? What's the Difference?

Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain… [...]

Hackers Using Bumblebee Loader to Compromise Active Directory Services

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee… [...]

North Korea Hackers Spotted Targeting Job Seekers with macOS Malware

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it… [...]

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below -… [...]

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in… [...]

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize… [...]

Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we… [...]

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.  Today, we… [...]

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols… [...]

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update… [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system… [...]

This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system… [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit… [...]

Severity: Information only Security update addresses CVE-2022-0028, a reflected amplification denial-of-service vulnerability in URL filtering Security update addresses CVE-2022-0028, a reflected amplification denial-of-service vulnerability in URL filtering Updated: 15 Aug… [...]

Severity: Information only Scheduled update addresses one High and one Medium vulnerability Scheduled update addresses one High and one Medium vulnerability Updated: 11 Aug 2022 [...]

Severity: Information only Security update addresses a vulnerability affecting Citrix Hypervisor Security update addresses a vulnerability affecting Citrix Hypervisor Updated: 11 Aug 2022 [...]

Severity: Information only SAP has released security updates to address vulnerabilities affecting multiple products SAP has released security updates to address vulnerabilities affecting multiple products Updated: 11 Aug 2022 [...]

Severity: Information only Scheduled updates for Microsoft products Scheduled updates for Microsoft products Updated: 10 Aug 2022 [...]

Severity: Information only Security update addresses multiple vulnerabilities affecting vRealize Operations Security update addresses multiple vulnerabilities affecting vRealize Operations Updated: 10 Aug 2022 [...]

Severity: Information only Adobe has released security updates to address vulnerabilities in Adobe Commerce, Acrobat and Reader, Illustrator, FrameMaker and Premiere Elements Adobe has released security updates to address vulnerabilities… [...]

Severity: High VMware has released a critical security update to address ten vulnerabilities in multiple VMware products, including Workspace ONE Access Manager and Identity Manager (vIDM) VMware has released a… [...]

Severity: Information only Security updates address a vulnerability with a CVSSv3 score of 10.0 that allows unauthenticated RCE Security updates address a vulnerability with a CVSSv3 score of 10.0 that… [...]

Severity: Information only Scheduled quarterly updates for F5 address 21 vulnerabilities Scheduled quarterly updates for F5 address 21 vulnerabilities Updated: 08 Aug 2022 [...]

APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
U.K. Water Supplier Hit with Clop Ransomware Attack
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
Xiaomi Phone Bug Allowed Payment Forgery
Mobile transactions could’ve been disabled, created and signed by attackers.
Black Hat and DEF CON Roundup
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.