Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Actualités
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Read More

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Actualités
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
Read More

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Actualités
Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
Read More

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Actualités
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team
Read More

Patch Tuesday, December 2024 Edition (Krebs on Security)

Actualités, Sécurité
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device. The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years. “Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7. “Expect more CLFS zero-day vulnerabilities to emerge in the…
Read More

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Actualités
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
Read More