Sep 17, 2024Ravie LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and…
Read More
Sep 17, 2024Ravie LakshmananSoftware Security / Data Protection SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-102 DATE(S) ISSUED: 09/16/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
The flaw had received a fix during Microsoft’s ‘Patch Tuesday’ update on Sept. 10, but had not initially been listed as exploited in attacks. A Microsoft Windows vulnerability with a rating of “high” severity has been acknowledged as having seen exploitation in cyberattacks, after initially being listed by the tech giant as unexploited upon its…
Read More
Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while typing or spell-checking a text. The crashes affect users of Excel for Microsoft 365, Word for Microsoft 365, Outlook for Microsoft 365, PowerPoint for Microsoft 365, and OneNote for Microsoft 365 on Version 2407 Build…
Read More
Election cybersecurity is a critical concern as numerous countries, including the US, EU, India, and others, prepare for elections in 2024. With so much at stake, cyberthreats pose a significant risk to the integrity of these democratic processes. Among the primary concerns are ransomware attacks that could steal and leak sensitive voter registration data or…
Read More
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. The vulnerability (CVE-2024-43461) was disclosed during this month’s Patch Tuesday, and Microsoft initially classified it as not exploited in attacks. However, Microsoft updated the advisory on Friday to confirm that…
Read More
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The flaw is a deserialization of untrusted data issue impacting Ivanti Endpoint Manager before 2022 SU6 and EPM 2024, which was fixed as part of the September 2024…
Read More
Amazon CEO said that to boost innovation and collaboration, corporate workers must return to the office five days a week. Amazon will “return to being in the office the way we were before the onset of COVID,” Andy Jassy said today in a memo to employees. Amazon is mandating corporate workers return to the office…
Read More
Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. Office LTSC 2024 is designed for organizations with devices without internet connectivity and requiring long-term support, such as specialty systems like medical equipment. It has…
Read More