Unpatched Microsoft Exchange Servers abused in new phishing campaign

The noteworthy aspect of this phishing campaign is that the emails were sent as replies to previously sent messages, due to which these appeared legit. According to the IT security…

Printing Shellz: Critical bugs impacting 150 HP printer models patched

F-Secure HP has patched critical flaws impacting approximately 150 printer models.  Printers are usually connected to business networks — and potentially forgotten when it comes to security — so they…

Cyber Essentials Set for Major Update in 2022

Cyber Essentials Set for Major Update in 2022 The UK government’s best practice cybersecurity framework is set to undergo the “biggest overhaul” of its technical controls since it was introduced…

Education sees the highest ransomware recovery cost compared to other sectors

John Shier is a senior security advisor at Sophos with more than two decades of cybersecurity experience. He is passionate about protecting consumers and organizations from advanced threats and has…

Unpatched Windows Zero-Day Allows Privileged File Access

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. An unpatched Windows security vulnerability could allow information disclosure…

Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers

Over 300,000 Android smartphone users have downloaded what have turned out to be banking trojans after falling victim to malware which has bypassed detection by the Google Play app store. …

30% of Android Smartphones Impacted by Mediatek Vulnerabilities

Researchers have discovered four Mediatek vulnerabilities that, if successfully exploited would have permitted malicious hackers to perform a series of actions like Android phone calls eavesdropping, commands execution and increased…

UK Introduces New Cybersecurity Legislation for IoT Devices

UK Introduces New Cybersecurity Legislation for IoT Devices The UK government has today introduced new legislation to Parliament that aims to better protect consumers’ IoT devices from hackers. The Product Security…

Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. Attackers are actively exploiting a Windows Installer zero-day vulnerability that…