NPM package steals Chrome passwords on Windows via recovery tool

New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker’s C2 server and provides advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution. […]

Major news sites serve porn after vid.me domain takeover

Major news sites including The Washington Post, New York Magazine, and HuffPost, saw their stories now displaying porn videos instead of the once-embedded intended ones. The fiasco happened as prominent websites relied on the domain vid.me to embed streaming videos in their articles. The vid.me domain has been defunct for about four years […]

New PetitPotam attack allows take over of Windows domains

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, […]

Honeywell, Google bring practical quantum computers a big step closer

Honeywell’s quantum computer uses ytterbium atoms trapped in this chamber, about the size of a football, to perform computations. Honeywell Honeywell and Google have detailed dueling demonstrations of logical qubits, a technology that can correct errors in potentially powerful but notoriously finicky quantum computers. In a research paper released Wednesday, Honeywell […]

Microsoft shares workaround for Windows 10 SeriousSAM vulnerability

Microsoft has shared a workaround for a Windows 10 zero-day vulnerability (dubbed SeriousSAM) that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. As BleepingComputer previously reported, a local elevation of privilege bug found in recently released Windows versions allows users with low privileges to access […]

Quantum Computing on a Chip: Brace for the Revolution

In a moment of triumph that’s being hailed as equivalent to the move from room-scale silicon technology down to desk-sized machines, quantum computing has now gone chip-scale — down from the room-scale contraptions you might have seen elsewhere, including in science fiction.  The development has been spearheaded by Cambridge-based quantum […]

SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances

SonicWall has issued an “urgent security notice” warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and […]

Israeli firm used Windows zero-days to deploy spyware

Microsoft and Citizen Lab have linked Israeli spyware company Candiru (also tracked as Sourgum) to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. “Candiru is a secretive Israel-based company that sells spyware exclusively to governments,” Citizen Lab explained in a report published today. “Reportedly, their spyware […]