Security Bulletin

I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it:

When Johannes talked about my diary entry " Protected OOXML Spreadsheets" on his StormCast podcast, he mentioned that I privately shared data on the power consumption of my desktop with a NVIDIA GeForce RTX 3080 GPU when running Hashcat.

With all the Blue Screen Of Death screenshots we saw lately, I got the idea to write about Sysinternals' tool NotMyFault.

Researchers say that a years-old security leak is putting a number of production model PCs at risk of persistent remote takeover.

Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.

Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.

The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.

Security pros say the bugs are input validation flaws that can lead to remote code execution.

The cybersecurity firm says that 97% of sensors are back online, but some organizations continue to recover, with costs tallied at $5.4 billion for the Fortune 500 alone.

The individual is part of a DPRK-backed group known as Andariel, which is known for using the 'Maui' ransomware strain to target and extort healthcare entities.

Nvidia doesn't just make the chips that accelerate a lot of AI applications — the company regularly creates and uses its own large language models, too.