Cybersleuths at Microsoft have found a link between the recent ‘Raspberry Robin’ USB-based worm attacks and EvilCorp, a notorious Russian ransomware operation sanctioned by the U.S. government.
Malicious Macro-Enabled Docs Delivered via Container Files to Bypass Microsoft Protections
Threat actors are embedding macro-enabled Office documents in container files such as archives and disk images to circumvent a recently rolled-out macro-blocking feature in Microsoft Office.
Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants
Cybersecurity professionals from Google’s threat hunting unit and the University of Toronto’s Citizen Lab are upping the pressure on mercenary hacking firms selling high-end surveillance spyware with fresh calls for the U.S. government to urgently clamp down on these businesses.
Microsoft Catches Austrian Company Exploiting Windows, Adobe Zero-Days
Malware hunters at Microsoft have caught an Austrian hack-for-hire company exploiting zero-day flaws in Windows and Adobe software products in “limited and targeted attacks” against European and Central American computer users.
IBM Security: Cost of Data Breach Hitting All-Time Highs
A study commissioned by IBM Security says the global average cost of a data breach reached an all-time high of $4.35 million and warns that the absence of zero trust principles at studied organizations is pushing those costs even higher.
European Lawmaker Targeted With Cytrox Predator Surveillance Spyware
A security audit by the European Parliament has unearthed attempts to plant high-end surveillance software on the phone of a Greek lawmaker and there are fresh reports linking the hack attempt to a known North Macedonia spyware vendor.
Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards
Security researchers with Kaspersky have analyzed a UEFI firmware rootkit that appears to target specific motherboard models from Gigabyte and Asus.
PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers
The team behind the open source PrestaShop ecommerce platform has issued a public advisory to warn of zero-day SQL injection attacks hitting merchant servers and planting code capable of stealing customer payment information.
SonicWall Warns of Critical GMS SQL Injection Vulnerability
Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.
Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari
A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.


