Last week Adobe released fixed 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe released today an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader.
The malicious credit card stealing MageCart script behind the British Airlines and Feedify breaches have struck again, but this time against the Newegg online technology retailer.
A vulnerability in Western Digital My Cloud network-attached storage (NAS) that allows an attacker to bypass authentication and take control of the device with administrator permissions remains unpatched almost a year and a half after being reported initially.
Credential stuffing attacks are a growing problem, particularly in the financial sector, where botnets can initiate so many fraudulent login attempts that the wave has the effect of a distributed denial-of-service (DDoS) attack.
A report released today about the activity of Pegasus spyware presents evidence of the tool's use outside the ethical boundaries publicized by its maker.
What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions.
A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models.
A new round of security updates is available from Apple, fixing bugs in Safari, watchOS, tvOS, and iOS. Some of the vulnerabilities were disclosed ahead of these releases, creating a window of opportunity for ill-intended users.
A new botnet captured the attention of security researchers through its harmless behavior and the use of an original communication channel with its command and control center.
Reports are coming in that Piriform is forcing CCleaner to update to the latest 5.46 version even when users had configured the program to not perform automatic updates. To make matters worse, once the users were upgraded to the latest version, their privacy settings are reset to default, which is to send usage data.
CloudFlare has introduced a new gateway that allows you to easily access content stored on IPFS, or the InterPlanetary File System, through a web browser and without having to install a client.
Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says.
A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.
Google has made it so you can see the WWW and M subdomains in Chrome 69 again, but have stated that they will strip WWW again in Chrome 70.
Was a quiet week for new variants, but a bunch of long-running ransomware infections released new variants this week. We had a few from Scarab, a new Dharma variant, and a new Matrix ransomware variant.
Last week the Fallout Exploit kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns.
Microsoft extends support for its Antimalware Scan Interface (AMSI) to Office 365 client applications, offering protection against script-based threats at runtime.