[ad_1] Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says. Sophisticated advanced persistent threat groups are no longer the only ones leveraging zero-day exploits. An analysis by FireEye of exploit activity last year showed that more cyberattackers exploited more zero-day vulnerabilities
[ad_1] The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly. When Microsoft originally issued an alert for a remotely exploitable software flaw in mid-May, security firms immediately drew analogies between the danger posed by the so-called “BlueKeep” vulnerability and the
[ad_1] Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system. In a world where ransomware runs rampant, Sodin stands out. The newly discovered malware exploits Windows vulnerability CVE-2018-8453 to elevate privileges — a rarity for ransomware. Kaspersky Lab researchers have been watching Sodin, also known as Sodinokibi and REvil, since
[ad_1] Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says. Exploits targeting a couple of long-known misconfiguration issues in SAP environments have become publicly available, putting close to 1 million systems running the company’s software at risk of major compromise. Risks include attackers being able
[ad_1] With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found. Malware authors weaponized more Adobe software vulnerabilities in 2018 than any previous year while the actual number of newly disclosed security flaws in the company’s products dropped significantly since reaching an all-time-high in 2016. Security vendor RiskSense recently
[ad_1] A new exploit developed by eGobbler is allowing it to distribute malvertisements-more than 500 million to date-at huge scale, Confiant says. In one of the biggest malvertising campaigns in the last 18 months, a previously known threat group called eGobbler is taking advantage of a security bug in Google’s Chrome browser to target millions of
[ad_1] Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says. The manner in which Microsoft Word handles integer overflow errors in the Object Linking and Embedding (OLE) file format has given attackers a way to sneak weaponized Word documents past enterprises sandboxes and other anti-malware controls.