AMD has disclosed a significant security vulnerability that could allow attackers with administrative privileges to load unauthorized microcode patches into the company’s processors. Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw affects a wide range of…
Category: EN
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome…
Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
Palo Alto Networks has revealed that it’s observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances. “Our teams are observing evidence of activity consistent with…
Microsoft Boosts Exchange and SharePoint Security with Updated Antimalware Scan
Microsoft has fortified its Exchange Server and SharePoint Server security by integrating advanced Antimalware Scan Interface (AMSI) capabilities. This measure, aimed at countering sophisticated attack vectors, represents a crucial step to safeguard on-premises infrastructure that serves as the backbone of…
Calix Devices Vulnerable to Pre-Auth RCE on Port 6998, Root Access Possible
A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware. The vulnerability resides in TCP port 6998 and impacts end-of-life (EOL) devices…
Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials
Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries. This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail…
Ransomware crims hammering UK more than ever as British techies complain the board just doesn’t get it
Issues at the very top continue to worsen The UK government’s latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase – and many techies are forced to constantly informally request company directors…
Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption
A new sophisticated method to bypass Microsoft’s Windows Defender antivirus protection by combining direct syscalls with XOR encryption techniques. The research, published this week, reveals critical vulnerabilities in one of the most widely deployed security solutions that ships with every…
Cybercrime Group Changes Plans: Drops Ransomware, Focuses on Data Theft
A cybercriminal group known for ransomware attacks has decided to stop using those methods and instead focus only on stealing information and demanding money in return. The group, called Hunters International, has rebranded and is now running a new…
New WhatsApp Feature Allows Users to Control Media Auto-Saving
As part of WhatsApp’s ongoing efforts to ensure the safety of its users, a new feature will strengthen the confidential nature of chat histories. The enhancement is part of the platform’s overall initiative aimed at increasing privacy safeguards and…
AMD CPU Signature Verification Vulnerability Enables Unauthorized Microcode Execution
A vulnerability in AMD CPUs has been uncovered, enabling attackers with administrative privileges to bypass microcode signature verification and execute malicious code. Designated as CVE-2024-36347 (CVSS score: 6.4, Medium), the flaw impacts multiple generations of AMD EPYC™ server processors and select consumer…
Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems
Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9 This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems
March Madness: Don’t Let Cyber Scammers Attack Your Bracket Blind Spot
Now that the March Madness tournament has concluded with thrilling games and memorable moments, fans are reflecting on their brackets and the champions crowned. While the excitement of the tournament may have subsided, the cybersecurity risks tied to major events…
Gamaredon targeted the military mission of a Western country based in Ukraine
Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in…
President fires Krebs, Nissan Leaf hack, Typhoon tariff warning
President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling…
Maryland Community Colleges to Host Ribbon Cutting Events as Maryland’s Cyber Workforce Accelerator Program Ramps Up
Seven Schools Have Confirmed Event Dates for April and May BCR Cyber, a leading provider of comprehensive cybersecurity training and job placement services, and the Maryland Association of Community Colleges (MACC), the advocate and unified voice for Maryland’s 16 community…
Smart TVs and security risks: What you need to know
Smart TVs sit at the heart of many home entertainment systems. Offering internet connectivity, streaming services, and advanced features like voice commands, these TVs allow… The post Smart TVs and security risks: What you need to know appeared first on…
Ivanti 0-Day RCE Flaw Exploitation Details Revealed
A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7…
Researchers Exploit Windows Defender with XOR and System Calls
A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack…
Microsoft Issues Urgent Patch to Resolve Office Update Crashes
Microsoft has issued an emergency patch addressing widespread crashes in Office 2016 applications following a problematic update. The fix, identified as KB5002623 and released on April 10, 2025, resolves critical issues that caused Microsoft Word, Excel, and Outlook to stop…