Cyber criminals look to exploit Intel vulnerabilities for highly persistent implants
Leaked Conti information show the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.
Stories by Lucian Constantin
-
-
Conti ransomware explained: What you need to know about this aggressive criminal group
The Conti ransomware group is less likely to help victims restore encrypted files and more likely to leak exfiltrated data.
-
Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps
The actively exploited flaw allows attackers to use malicious Word documents to perform remote code execution through Microsoft Support Diagnostic Tool.
-
Google Cloud to launch repository service with security-tested versions of open source software packages
The paid Assured Open Source Software service will offer common open source packages after vetting the provenance of its code and dependencies.
-
Stealthy Linux implant BPFdoor has compromised businesses for years, notably in Vietnam
Malware researchers warn about a stealthy backdoor program that has been used by a Chinese threat actor to compromise Linux servers around the world.
-
TLS implementation flaws open Aruba and Avaya network switches to attack
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
-
Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack
Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.
-
Why businesses should patch the latest critical Windows RPC vulnerability right now
Among the over 100 vulnerabilities fixed by Microsoft during the past week in its monthly patch cycle is one that has the security community very worried.
-
Attackers create malware for serverless computing platforms like AWS Lambda
The new cryptomining malware is written in Go for easier deployment and uses Amazon Web Services' own open-source Go libraries.
-
New ransomware LokiLocker bundles destructive wiping component
A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cyber criminals, researchers warn.
-
Dirty Pipe root Linux vulnerability can also impact containers
The dangerous Linux privilege escalation flaw dubbed Dirty Pipe that was recently disclosed could also impact applications and systems.
-
Vulnerabilities in remote management agent impacts thousands of medical devices
The Axeda platform, used by hundreds of Internet of Things devices, has seven vulnerabilities, three of which allow for remote code execution.
-
Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices
Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited.
-
Nvidia hackers release code-signing certificates that malware can abuse
The hacker group that recently broke into systems belonging to Nvidia has released two of the company's old code-signing certificates.
-
Conti gang ready to hit critical infrastructure in support of Russian government
Ransomware group's claims follow a threat from the hacktivist group Anonymous to conduct cyber attacks against Russian targets.
Events
ARN Innovation Awards 2023
Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.
Brand Post
Scale AI while avoiding costly IT and Infrastructure investments with IBM embeddable AI
By Kalyan Madala, CTO, IBM ASEANZK
Sponsored By
