AMD: Fixes For High-Severity SMM Callout Flaws Upcoming
AMD has fixed one high-severity vulnerability affecting its client and embedded processors; fixes for the other two will come out later in June.
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to shoppers’ payment information. To make the data flow to…
Former DIA Analyst Sentenced to Prison Over Data Leak
A former Defense Intelligence Agency analyst leaked classified information to two journalists – one of whom he was dating – shedding light on insider threats.
News Wrap: Malicious Chrome Extensions Removed, CIA ‘Woefully Lax’ Security Policies Bashed
Insider threats, the CIA’s bad security policies, and malicious Chrome extensions were the topics of discussion during this week’s news wrap podcast.
Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said.
Microcin is here
In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used…
Google Yanks 106 ‘Malicious’ Chrome Extensions
Trojan Chrome browser extensions spied on users and maintained a foothold on the networks of financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals and government organizations.
Facebook’s FTC-Mandated Privacy Committee Now in Effect
Facebook will report its privacy practices to both the committee, the FTC, and to a third-party assessor.
IcedID Banker is Back, Adding Steganography, COVID-19 Theme
The malware has boosted its anti-detection capabilities in a new email campaign.
Cisco Webex, Router Bugs Allow Code Execution
High-severity flaws plague Cisco’s Webex collaboration platform, as well as its RV routers for small businesses.