Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

/in

Cybersecurity researchers have disclosed what they say is the “first native Spectre v2 exploit” against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory.
The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and

The Hacker News – ​Read More

Researchers Discover New Ransomware Gang ‘Muliaka’ Attacking Russian Businesses

/in

The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka,” or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.

Cyware News – Latest Cyber News – ​Read More

6 Best Open Source Password Managers for Mac in 2024

/in

Explore the top open-source password managers available for Mac users. Find the best one that suits your needs and secure your online accounts effectively.

Security | TechRepublic – ​Read More

530k Impacted by Data Breach at Wisconsin Healthcare Organization

/in

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin.

The post 530k Impacted by Data Breach at Wisconsin Healthcare Organization appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

/in

Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.

The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek.

SecurityWeek – ​Read More

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

/in

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems?
Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think.
Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers

The Hacker News – ​Read More

Novel Ahoi Attacks Could Compromise Confidential VMs

/in

The researchers presented two variations of what they call Ahoi attacks. One of them, dubbed Heckler, involves a malicious hypervisor injecting interrupts to alter data and control flow, breaking the integrity and confidentiality of CVMs.

Cyware News – Latest Cyber News – ​Read More

Vedalia APT Group Exploits Oversized LNK Files in Malware Campaign

/in

The Vedalia APT group has ingeniously utilized LNK files with double extensions, effectively masking the malicious .lnk extension. This tactic deceives users into believing the files are harmless, increasing the likelihood of execution.

Cyware News – Latest Cyber News – ​Read More

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

/in

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild.
Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from 21 vulnerabilities that the company addressed in its

The Hacker News – ​Read More

Top MITRE ATT&CK Techniques and How to Defend Against Them

/in

A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.

darkreading – ​Read More