The Lapsus$ extortionist group has returned from a “vacation” despite the recent arrest of seven of its members. The cybercriminals’ Telegram channel published data allegedly stolen from the Globant software development company. As evidence of the hack, the hackers first posted a screenshot showing a list of folders with the names of various companies from… Continue reading Hack group Lapsus$ returned from “vacation” and announced the hacking of Globant
Tag: Microsoft
British police announced the arrest of several members of the Lapsus$ group
Recently, the hack group Lapsus$ mentioned that several of its members were going on vacation, and soon law enforcements in the UK announced the arrest of seven alleged members of Lapsus$. The hack group Lapsus$ has only recently entered the scene, but has already compromised Microsoft, Nvidia, Ubisoft and other major companies. One of the… Continue reading British police announced the arrest of several members of the Lapsus$ group
Lapsus$ hack group stole the source codes of Microsoft products
The Lapsus$ hack group has released the source codes for Bing, Cortana, and other Microsoft products allegedly stolen from an internal Microsoft Azure DevOps server. Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel demonstrating that hackers attacked the Microsoft Azure DevOps server and got to the sources of Bing, Cortana and various… Continue reading Lapsus$ hack group stole the source codes of Microsoft products
Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of… Continue reading Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues
As part of January Patch Tuesday, Microsoft fixed a dangerous 0-day privilege escalation vulnerability for which a PoC exploit is available online. The vulnerability is already being exploited in attacks by highly skilled hacker groups. The exploit was published by Privacy Piiano founder and CEO Gil Dabah, who discovered the vulnerability two years ago. Daba… Continue reading 0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues
Zerodium offers up to $400,000 for exploits for Microsoft Outlook
Well-known exploit and vulnerability broker Zerodium announced that it is ready to pay up to $400,000 for zero-day vulnerabilities and exploits that will allow remote code execution in the Microsoft Outlook email client. Previously, the maximum payout was $250,000. For similar bugs in Mozilla Thunderbird, the company is willing to pay up to $200,000. Let… Continue reading Zerodium offers up to $400,000 for exploits for Microsoft Outlook
TrickBot causes crashes on the machines when cybersecurity experts studying it
TrickBot malware has received new features that make it more difficult to investigate and detect — for example, TrickBot has learned to crash the browser when suspicious manipulations are detected. TrickBot is one of the most famous and “successful” malware to date. The malware was first noticed back in 2015, shortly after a series of… Continue reading TrickBot causes crashes on the machines when cybersecurity experts studying it
Pornographic virus alert from Microsoft
Microsoft shows you the banner which states that your PC is infected with a “Pornographic virus”? It seems that someone wants to involve you in a popular online tech support scam, called “Pornographic virus alert from Microsoft”. But how can they do it with a single banner? That article will show you the whole mechanism… Continue reading Pornographic virus alert from Microsoft
Microsoft discovered the WhisperGate wiper attacking Ukrainian users
Microsoft says it discovered a destructive attack on Ukrainian users using the WhisperGate wiper, which tried to impersonate a ransomware, but in fact did not provide victims with data recovery options. In fact, the detected threat is a classic wiper, that is, malware designed to deliberately destroy data on an infected host. WhisperGate wiper Such… Continue reading Microsoft discovered the WhisperGate wiper attacking Ukrainian users
Critical vulnerability in Office fixed, but macOS update is delayed
As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user… Continue reading Critical vulnerability in Office fixed, but macOS update is delayed