[ThreatPost] Windows EoP Bug Detailed by Google Project Zero

Recently discovered malware that helps attackers capture, move and delete data is aimed at organizations’ Microsoft Exchange servers and has the capability to expand into other web applications, researchers at CrowdStrike reported Wednesday. The threat, dubbed IceApple, is used for “post-exploitation” tasks, the researchers said, meaning that “it does not provide access, rather it is […]

At the Internet Storm Center, we like to show how exotic extensions can be used to make victims feel confident to open malicious files. There is  an interesting webpage that maintains a list of dangerous extensions used by attackers: filesec.io[1]. The list is regularly updated and here is an example of malicious file that is currently […]

SonicWall has released patches for a critical-severity vulnerability in the web management interface of multiple firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security flaw is described as a stack-based buffer overflow bug that impacts SonicOS. read more Source: Read More (SecurityWeek RSS Feed)