Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

From thehackernews.com

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia’s major certificate authorities, to backdoor its installer software with Cobalt Strike binaries.

The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a report published Thursday.

Read more…

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

From securityaffairs.co

Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet.

The TrickBot botnet was used by threat actors to spread the Ryuk and Conti ransomware families; experts noticed similarities between the Diavol and Conti threats. Unlike Conti, Diavol doesn’t avoid infecting Russian victims.

At the beginning of June, FortiEDR detected and halted a ransomware attack against one of the customers of the security firm. The security firm detected two suspicious files, locker.exe and locker64.dll, that at the time were not found on VirusTotal. locker64.dll was detected as a Conti (v3) ransomware sample, while locker.exe appeared to be completely different and was dubbed Diavol.

Read more…

Universal XSS Vulnerability In Microsoft Edge

From latesthackingnews.com

Two security researchers, Vansh Devgan and Shivam Kumar Singh, discovered a severe Universal XSS vulnerability in Microsoft Edge. Specifically, this bug typically affected the automatic translation feature of the browser. Sharing the details in a post, the researchers revealed that they found this vulnerability when they visited a website in another language via the Edge browser and attempted to translate the page. The immediate appearance of popups led them to the discovery of the XSS. Briefly, the bug existed in the startPageTranslation function. The vulnerable code of the auto-translation feature improperly processed the “>” in HTML tags. As stated in the post,

Read more…

What is Easy 2 Convert 4 Me?

From 2-spyware.com

Easy 2 Convert 4 Me is a browser hijacker that manipulates browser settings to cause various mischiefs. It could change your default search engine, which would consequently modify the new tab and homepage preferences. Generally, these potentially unwanted programs are created to generate revenue for their developers by redirecting internet traffic to affiliated websites.

Browser hijackers are also capable of collecting your browsing-related information, such as search inquiries, clicked links, visited sites, device/browser details, IP addresses, etc. Advertisers use the gathered data to customize various adverts specifically for you, making them irresistible.

Read more…

Microsoft adds second CVE for PrintNightmare remote code execution

From zdnet.com

What you think you know as PrintNightmare might not be what Microsoft refers to, or then again it might.

During the week, PrintNightmare, a critical Windows print spooler vulnerability that allowed for remote code execution, was known as CVE-2021-1675.

Exploits were publicly available after Microsoft’s patches failed to fix the issue completely, and the security researchers had already published their code; they said they deleted it, but it was already branched on GitHub.

Read more…

Top 5 Scam Techniques: What You Need to Know

From tripwire.com

Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away. These scam techniques often exploit our characteristics and heuristics, or things that make us human and fallible.

In this blog post, I will cover some of the most common scam techniques and explain how they work.

Read more…

How the increase in work from home will impact corporate cybersecurity

From itproportal.com

Covid-19 has changed many things. Remote work increased significantly, and companies were forced to test a new business model. At first, corporations were somewhat reluctant, but working from home yielded higher productivity. This is the effect of being at home, close to family, with less stress from commuting to and from work.

Read more…