Windows users under attack via two new RCE zero-days Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. While waiting for Microsoft to provides fixes, ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.
On Dec. 1, 2019, a patient in Wuhan, China, started showing symptoms of what doctors determined was a new coronavirus. Since then, the virus has spread across the world. Here’s how the virus grew to a global pandemic. Photo: Alberto Pizzoli/AFP.
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, ‘envizon’. We hope your feedback will help to improve and hone it even further.
The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged into a computer.
“Recently, the cybercriminal group FIN7,1 known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS).” reads the alert issued by the FBI. “The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles,”
The spread of malware through apps being downloaded by users in the name of ‘the latest information and instructions about COVID-19’ is amongst one of the most prevalent threats that have been observed since the outbreak of the novel Coronavirus. As a result, users were forced to download apps such as COVID19Tracker or Covid Lock from a website, the app locked victims outside their smartphones and asked for a ransom of $100 in Bitcoin for the release of their data. Consequently, attackers threatened them to leak all their contacts, media, and social media accounts online in case they failed to pay the ransom in due time.