It is learnt that a new fileless attack method that exploits the Microsoft Windows Error Reporting (WER) service is the handiwork of an unknown hacking group. The attack vector, as per Malwarebytes security researchers Hossein Jazi and Jérôme Segura, hinges on malware interring itself in WER-based executables to dodge igniting Continue Reading
Firmware security company Eclypsium disclosed on Wednesday that a critical GRUB2 bootloader vulnerability, which can be exploited to install stealthy malware, has impacted billions of Windows and Linux devices. Tracked as CVE-2020-10713 and termed BootHole, the flaw has a CVSS score of 8.2, with Eclypsium saying that it impacts all Continue Reading
What is hardening? Based on the principle of least privilege, hardening is about minimizing the attack surface available to the hackers and other threat actors. Hardening is an essential part of information security and includes the principles of deter, deny, delay and detection. What is OS hardening? This is the Continue Reading
This week, cybersecurity investigators found a new type of ransomware attacking macOS users that spreads through plagiarized apps. As per many independent reports, the ransomware variant — called “EvilQuest” — is packed along with genuine apps, which once installed, camouflages itself as Apple’s CrashReporter or Google Software Update. As well Continue Reading
On Tuesday, technology giant Microsoft came up with two out-of-band security updates to fix two flaws in the Microsoft Windows Codecs Library. The two bugs, tracked as CVE-2020-1425 & CVE-2020-1457, only affect Windows 10 and Windows Server 2019 distributions. The software behemoth said the two security vulnerabilities can be abused with the Continue Reading
By