Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
A vulnerability in a series of popular digital door-entry systems offered by Aiphone can enable hackers to breach the entry systems — simply by utilizing a mobile device and...
5 Easy Steps to Bypass Google Pixel Lock Screens
The November 2022 Android update includes a remediation for a bug that could allow an attacker to bypass the Google Pixel lock screen. The researcher behind the discovery, David Schütz, reported...
Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises
A just-discovered evasive malware takes advantage of a key Internet-facing protocol to gain entry onto enterprise systems to mine cryptocurrency, launch distributed denial-of-service (DDoS) attacks, and gain a foothold...
LockBit Bigwig Arrested for Ransomware Crimes
One of LockBit's alleged ringleaders has been arrested in Ontario, Canada and is on his way to the US to face charges related to ransomware attacks against at least...
Malicious Python Package Relies on Steganography to Download Malware
Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files.The malicious package was available on PyPI, a package index...
Cloud9 Malware Offers a Paradise of Cyberattack Methods
A malicious browser extension that works on both Google Chrome and Microsoft Edge allows attackers to remotely take over someone's browser session and carry out a full range of...
Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
Microsoft finally patched the publicly known "ProxyNotShell" and Mark of the Web (MotW) security vulnerabilities in its penultimate monthly security update for 2022 — two of six zero-day bugs...
Retail Sector Prepares for Annual Holiday Cybercrime Onslaught
For companies in the retail and hospitality sector, the holiday shopping season represents their busiest time of year, both for sales and fighting cybercrime threats.
This year is no different, with companies...
SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach
The US Securities and Exchange Commission (SEC) appears poised to take enforcement action against SolarWinds for the enterprise software company's alleged violation of federal securities laws when making statements...
