Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities,

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

,

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

, ,
https://thehackernews.com/2023/02/update-now-microsoft-releases-patches.html

Windows 11 : Microsoft vient de corriger 77 failles de sécurité, dont trois zero day

Windows 11 : Microsoft vient de corriger 77 failles de sécurité, dont trois zero day,

Windows 11

Microsoft vient de publier sa dernière mise à jour de sécurité pour Windows 11. En plus des quelques 77 failles de sécurités qui ont été corrigées, le patch Tuesday de février a également permis de colmater trois failles zero day activement exploitées.

,

Windows 11

Microsoft vient de publier sa dernière mise à jour de sécurité pour Windows 11. En plus des quelques 77 failles de sécurités qui ont été corrigées, le patch Tuesday de février a également permis de colmater trois failles zero day activement exploitées.

, ,
https://www.01net.com/actualites/windows-11-microsoft-vient-de-corriger-77-failles-de-securite-dont-3-zero-day.html

Massive AdSense Fraud Campaign Uncovered – 10,000+ WordPress Sites Infected

Massive AdSense Fraud Campaign Uncovered – 10,000+ WordPress Sites Infected,

The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites.
« The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation, » Sucuri researcher Ben Martin said in a report

,

The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites.
« The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation, » Sucuri researcher Ben Martin said in a report

, ,
https://thehackernews.com/2023/02/massive-adsense-fraud-campaign.html

Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!

Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!,

Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware.
Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was initially disclosed in November 2022.
The initial vector entails using

,

Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware.
Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was initially disclosed in November 2022.
The initial vector entails using

, ,
https://thehackernews.com/2023/02/python-developers-beware-clipper.html

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency,

One thing is clear. The « business value » of data continues to grow, making it an organization’s primary piece of intellectual property.
From a cyber risk perspective, attacks on data are the most prominent threat to organizations. 
Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as

,

One thing is clear. The « business value » of data continues to grow, making it an organization’s primary piece of intellectual property.
From a cyber risk perspective, attacks on data are the most prominent threat to organizations. 
Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as

, ,
https://thehackernews.com/2023/02/a-cisos-practical-guide-to-storage-and.html

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad,

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The tech giant’s Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an « expansion of the group’s data exfiltration operations that traditionally targeted government agencies and think tanks in Asia

,

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The tech giant’s Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an « expansion of the group’s data exfiltration operations that traditionally targeted government agencies and think tanks in Asia

, ,
https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html

Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second

Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second,

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS).
« The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million, » the company said, calling it a « hyper-volumetric » DDoS attack.
It’s also

,

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS).
« The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million, » the company said, calling it a « hyper-volumetric » DDoS attack.
It’s also

, ,
https://thehackernews.com/2023/02/massive-http-ddos-attack-hits-record.html

Patch Now: Apple’s iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Patch Now: Apple’s iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

,

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.
The iPhone maker said the

,

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.
The iPhone maker said the

, ,
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players’ Systems

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players’ Systems

,

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players’ systems.
The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021.
« Since V8

,

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players’ systems.
The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021.
« Since V8

, ,
https://thehackernews.com/2023/02/hackers-create-malicious-dota-2-game.html

Bitcoin : on sait comment les pirates nord-coréens blanchissent les cryptos volées

Bitcoin : on sait comment les pirates nord-coréens blanchissent les cryptos volées,

bitcoin

Les pirates de la Corée du Nord ont amassé un important butin en s’attaquant à des protocoles du monde des cryptomonnaies. Pour blanchir leur trésor, les hackers se sont ensuite tournés vers un nouvel outil : Sinbad.

,

bitcoin

Les pirates de la Corée du Nord ont amassé un important butin en s’attaquant à des protocoles du monde des cryptomonnaies. Pour blanchir leur trésor, les hackers se sont ensuite tournés vers un nouvel outil : Sinbad.

, ,
https://www.01net.com/actualites/bitcoin-comment-pirates-nord-coreens-blanchissent-cryptos-volees.html