A new business email compromise (BEC) campaign is targeting accounts payable personnel at Fortune 500 companies in an attempt to trick victims into initiating fraudulent wire transactions to attacker-controlled accounts, IBM warns. As part of BEC scams, attackers take over or impersonate a trusted user’s email account to target other companies and divert funds to […]
The number of reported vulnerabilities in Microsoft software has mounted from 325 in 2013 to 685 last year, a rise of 111 percent, according to new research. Moreover, there has also been a 54 percent increase in critical Microsoft vulnerabilities since 2016, researchers at Avecto said in their report, which is based on data from […]
In the wake of the Spectre and Meltdown bugs, Intel has rolled out a significant expansion of its bug bounty program. Intel first launched the program in March 2017. The big changes include a shift from an invitation-only format to one that is open to all security researchers. One key addition is a program for […]
Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. The bug, first reported by Italian Blog Mobile World, impacts a wide range of Apple apps running on iOS and macOS. While some iPhone users are […]
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to […]
Nearly two-thirds of businesses worldwide have experienced significant delays in sales due to customer data privacy concerns, according to Cisco’s 2018 Privacy Maturity Benchmark Study. The study, based on the responses of roughly 3,000 cybersecurity professionals from 25 countries, shows that 65% of businesses reported sales cycle delays due to concerns over data privacy, with […]
Microsoft has been forced to issue an out-of-band patch to fix problems caused by a buggy Intel update for one of the Spectre vulnerabilities disclosed earlier this month. The Redmond fix (KB4078130) was issued over the weekend and disables the mitigation for branch target injection vulnerability CVE-2017-5715. The fix covers Windows 7 (SP1), Windows 8.1 […]
Researchers have released a proof-of-concept framework for a new covert channel for data exchange using the Transport Layer Security (TLS) protocol. The method exploits the public key certificate standard X.509 and could allow for post-intrusion C2 communication and data exfiltration to go unnoticed despite network perimeter protections. According to Fidelis researchers, the covert data exchange […]
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to […]
Apple has sought to play down fears over the security of its operating system after a portion of iOS source code was leaked on GitHub this week, claiming it’s from several years ago. News outlets were awash with speculation on the potential implications of the leak, which apparently focused around the iBoot process that runs […]
