[HackerNews] Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit.
Cisco Talos disclosed that it “detected malware samples in the wild that are attempting to take advantage of this

Source: Read More (The Hacker News)

You might be interested in …

[BleepingComputer] Poland blames Russia for breach, theft of Polish officials’ emails

Poland’s deputy prime minister Jarosław Kaczyński says last week’s breach of multiple Polish officials’ private email accounts was carried out from servers within the Russian Federation. […] Source: Read More (BleepingComputer)

Read More

[BleepingComputer] Google Chrome now 23% faster after JavaScript engine improvements

Google says the latest Google Chrome release comes with a significant performance boost due to newly added improvements to the open-source V8 JavaScript and WebAssembly engine. […] Source: Read More (BleepingComputer)

Read More

[HackerNews] Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

All posts, HackerNews

Cybersecurity researchers have disclosed details of a now-patched bug in Box’s multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. “Using this technique, an attacker could use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone,” Varonis researchers said Source: Read More […]

Read More