Microsoft fixes Outlook clients not syncing over Exchange ActiveSync
Microsoft has fixed an issue causing some Microsoft 365 users’ Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync (EAS) is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks. EAS uses HTTP and XML to communicate and synchronize data between […]
Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
Feb 29, 2024 | Newsroom | Rootkit / Threat Intelligence: The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It […]
FBI, CISA Release IoCs for Phobos Ransomware
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have released details on the tactics and techniques threat actors are using to deploy the Phobos ransomware strain on target networks. The advisory is part of an ongoing stop-ransomware effort by the two entities working in collaboration with the Multi-State Information Sharing and Analysis […]
New Wave of SHTML Phishing Attacks
Authored by Anuradha. McAfee Labs has recently observed a new wave of phishing attacks. In this wave, the attacker has been abusing server-parsed HTML (SHTML) files. The SHTML files are commonly associated with web servers redirecting users to malicious, credential-stealing websites or displaying phishing forms locally within the browser to harvest user-sensitive information. SHTML Campaign […]
Windows Kernel bug fixed last month exploited as zero-day since August
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited […]
A Risk-Based Strategy for the Highest ROI
Feb 29, 2024 | The Hacker News | Attack Surface / Incident Response: As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what […]
Tips on Managing Diverse Security Teams
COMMENTARY Long before I was a cybersecurity manager, I was an individual contributor. I made many mental notes for myself about what I liked and saw that worked well for teams to gel and thrive. I also experienced, lived through, and survived tougher situations, where a manager was not understanding his or her team 100% […]