Hackers spread malware via URLs in GitHub comments
Cybercriminals are spreading URLs that link to malware, and that ostensibly belong to Microsoft repositories, through the comments of GitHub projects. This method of malware distribution is very dangerous and persistent.
According to research, cybercriminals are actively trying to spread malware through URLs posted in t...
Bug bounty in practice: the final layer of security
What does a bug bounty program look like, and what does it deliver? We talk to Visma about its usefulness for security professionals and the ultimate benefit for the user of the software.
"With the bug bounty program, we have extra eyes looking at our products," explains Chief Information Securi...
Vulnerability in Windows Defender leads to data loss
Attacks on Windows Defender and Kaspersky EDR allow remote file deletion. Even after patches, hackers can still exploit these tools' vulnerabilities.
In a presentation at Black Hat Asia, security firm SafeBreach revealed that Windows Defender and Kaspersky EDR are vulnerable to remote-access att...
Large-scale attack on Ray framework exposes AI security risks
For seven months, attackers had free rein to wreak havoc inside the AI infrastructure of major tech companies. Exploitation of vulnerability CVE-2023-48022 in the widely used open-source Ray framework has led to manipulated models, stolen hardware cycles and compromised data. Its developer Anys...
Number of exploited zero-days up more than 50%
Figures from Google show that last year there were 97 actively exploited zero-day vulnerabilities. In 2022, the number was still 62 vulnerabilities.
With this, the upward trend has returned. A year ago, the figures still showed a positive trend downward. According to Google data, the year 2021 m...
FBI implores developers to finally eradicate SQL injections
The FBI and the U.S. Cybersecurity and Infrastructure Agency (CISA) argue that SQL injections should be a thing of the past. Although developers have known for two decades how to prevent this type of attack, it continues to cause widespread exploits.
SQL injections insert malicious code into S...
Fortinet warns vulnerability in FortiClientEMS is exploited in the wild
Fortinet is warning users of the Fortinet FortiClient Enterprise Management Server (EMS) about the active misuse of a critical vulnerability in the product. The vulnerability allows hackers to run code through the system without having physical access to the device.
The vulnerability was reporte...
Researchers from IBM and VU Amsterdam discover major CPU vulnerability
A new CPU vulnerability affects all known computer architectures. The so-called GhostRace exploit makes it possible to steal data from the system memory of PCs with chips from Intel, AMD, Arm and IBM.
VUSec, the Systems & Network Security Group at the Dutch university VU Amsterdam, shares a ...
Malware scanner jeopardizes more than 10,000 WordPress sites
Two critical vulnerabilities in WordPress plugins from miniOrange will never receive a patch. More than 10,000 websites use the Malware Scanner plugin to detect attackers. However, the tool itself is exploitable by malicious actors.
The vulnerability in Malware Scanner was found by WordPress res...
Microsoft patches two critical vulnerabilities in Hyper-V
Microsoft addressed two critical vulnerabilities in the virtualization software Hyper-V during this month's Patch Tuesday update. The company said exploits of both vulnerabilities are not likely, but patching is important.
The vulnerabilities in question are CVE-2024-21407 and CVE-2024-21408. Th...