Security Bulletin

Integrated within UULoader was an archive file with two main executables that did not have their file headers, with the first being a binary enabling DLL file side-loading of the final-stage payloads.

Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.

Attacks exploiting a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, have been deployed by North Korean hacking collective Lazarus Group to facilitate stealthy systems compromise with the FUDModule...

Intrusions with the novel Firmachagent malware and known Spectr spyware were reported by Ukraine's Computer Emergency Response Team to have been launched by pro-Russia and Luhansk People's Republic-associated threat operation Vermin as part of a new...

More than two dozen IP addresses assigned to Stark Industries Solutions have been leveraged by Russian hacking group FIN7 for domains used in its operations.

Feds confirmed Iran's involvement in the email attack against Roger Stone after Microsoft, Google reported Iranian APT action against both presidential campaigns.

Charming Kitten goes retro and consolidates its backdoor into a tighter package, abandoning the malware framework trend.

While the combined gross domestic product (GDP) of African nations grew fivefold in two decades, a lack of cybersecurity is holding back gains — although the jury is out on how much.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Networking vendor TP-Link has found itself under scrutiny from Congress over its links to the Chinese government.

The RCE vulnerability was leveraged in ransomware attacks targeting Indian banks.

Outlook, Teams, PowerPoint, OneNote, Excel, and Word undermine macOS's strict user permission-based privacy and security protections.