A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. XLoader is currently being offered on an underground forum as a botnet loader service that can “recover” passwords from web browsers and some email clients […]
Computer
NPM package steals Chrome passwords on Windows via recovery tool
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker’s C2 server and provides advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution. […]
Kaseya obtains universal decryptor for REvil ransomware victims
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service […]
Major news sites serve porn after vid.me domain takeover
Major news sites including The Washington Post, New York Magazine, and HuffPost, saw their stories now displaying porn videos instead of the once-embedded intended ones. The fiasco happened as prominent websites relied on the domain vid.me to embed streaming videos in their articles. The vid.me domain has been defunct for about four years […]
New PetitPotam attack allows take over of Windows domains
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, […]
Honeywell, Google bring practical quantum computers a big step closer
Honeywell’s quantum computer uses ytterbium atoms trapped in this chamber, about the size of a football, to perform computations. Honeywell Honeywell and Google have detailed dueling demonstrations of logical qubits, a technology that can correct errors in potentially powerful but notoriously finicky quantum computers. In a research paper released Wednesday, Honeywell […]
Microsoft shares workaround for Windows 10 SeriousSAM vulnerability
Microsoft has shared a workaround for a Windows 10 zero-day vulnerability (dubbed SeriousSAM) that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. As BleepingComputer previously reported, a local elevation of privilege bug found in recently released Windows versions allows users with low privileges to access […]
World’s First Desktop PC RISC-V Board Meets AMD Radeon RX 6700 XT
When SiFive introduced its HiFive Unmatchd RISC-V desktop motherboard for developers last year, it was clear from the start that sooner or later an enthusiast would attempt to try using its U7 SoC for something it is not meant for: general PC usage with high-performance graphics and video decoding. That time has come […]
World of Warcraft players are staging in-game protests against Activision Blizzard
World of Warcraft players are gathering by the hundreds in-game to protest Activision Blizzard after the state of California filed a lawsuit against the company for operating a workplace steeped in sexual harassment, gender discrimination, and “frat boy culture.” Players from both factions have gathered in the city of Oribos, […]
Quantum Computing on a Chip: Brace for the Revolution
In a moment of triumph that’s being hailed as equivalent to the move from room-scale silicon technology down to desk-sized machines, quantum computing has now gone chip-scale — down from the room-scale contraptions you might have seen elsewhere, including in science fiction. The development has been spearheaded by Cambridge-based quantum […]
SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances
SonicWall has issued an “urgent security notice” warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and […]
Microsoft unveils Windows 11’s beautiful new context menus
Windows 11 preview build 22000.71 is now live in the Dev Channel of the Windows Insider program and it comes with visual improvements for the context menu and various right-click menus. As part of the latest update, Microsoft is refreshing the right-click menu within File Explorer and other apps with Fluent Design […]
Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage. As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors […]
Israeli firm used Windows zero-days to deploy spyware
Microsoft and Citizen Lab have linked Israeli spyware company Candiru (also tracked as Sourgum) to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. “Candiru is a secretive Israel-based company that sells spyware exclusively to governments,” Citizen Lab explained in a report published today. “Reportedly, their spyware […]