Somcert

Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor. In a court filing Friday, Apple said continuing the lawsuit now poses “too significant a risk” of exposing the anti-exploitation and threat intelligence […]

Microsoft raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system. The Windows flaw, tagged as CVE-2024-43491 and marked as actively exploited, is rated critical and carries a CVSS severity score of 9.8/10. Microsoft did not provide any information […]

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. “Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools. “For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which allows the […]

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior to […]

The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Radar/Dispossessor. The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by […]

LAS VEGAS —  SafeBreach Labs researcher Alon Leviev is calling urgent attention to major gaps in Microsoft’s Windows Update architecture, warning that malicious hackers can launch software downgrade attacks that make the term “fully patched” meaningless on any Windows machine in the world.  During a closely watched presentation at the Black Hat conference today in […]

A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous. The researchers noted that while the number of Linux kernel flaws has significantly increased in the past years, many issues have limited impact. Software […]

Organizations worldwide are reporting major outages that appear to be caused by a bad update pushed out by cybersecurity giant CrowdStrike (NASDAQ: CRWD). CrowdStrike launched an investigation after receiving widespread reports of Windows hosts experiencing a Blue Screen of Death (BSOD). In the latest update provided at the time of writing the company said it’s in […]