Author: Admin

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors. BeeBright, Getty Images/iStockphoto A recently reported security vulnerability in Microsoft’s MSHTML browser engine is being found all over the world, and Kaspersky said it “expects to see an increase in attacks using this vulnerability.” MSHTML is the under-the-hood browser engine that is found…

More Native American tribes are going to be given enhanced access to critical databases containing national crime information for the United States. In an announcement made September 16, the Department of Justice said that 12 tribes have been newly selected to participate in the Tribal Access Program for National Crime Information (TAP), bringing the total number of federally recognized participating tribes to 108. TAP was set up in 2015 after tribal leaders raised concerns about not being able to…

A cyber-criminal who defrauded American telecommunications giant AT&T out of more than $200m through a phone-unlocking bribery scheme has been sentenced to prison. Muhammad Fahd, a 35-year-old citizen of Pakistan and Grenada, led a seven-year conspiracy in which AT&T employees were bribed to unlawfully unlock nearly two million customers’ cell phones for profit. The plot began in 2012 when Fahd colluded with others to recruit AT&T staff working at a call center in Bothell, Washington. The employees…

Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz disclosed a set of four vulnerabilities in Microsoft’s Open Management Infrastructure (OMI), an open source Common Information Model (CIM) management server used for managing Unix and Linux systems. CVE Description CVSSv3 VPR …

Antivirus vendor Bitdefender has launched a free universal decryption tool to help victims of REvil ransomware, also known as Sodinokibi. The new tool, which was made available on Thursday, can restore many files impacted by the crypto-locking malware before July 13, 2021. However, the tool’s instructions include the warning that “some versions” of REvil “are not yet decryptable.” REvil victims can download the tool and a step-by-step tutorial on how to use it via the Bitdefender website. The free decryptor is…

An August Beyond Identity report takes a look at people’s password protection habits as well as their tendencies to guess other folk’s passwords. Image: GettyImages/GaudiLab In recent months, a slew of cyberattacks has hamstrung critical aspects of U.S. infrastructure including domestic meat and petroleum production as network security concerns take center stage amid soaring ransomware payouts. Last month, Beyond Identity published the results of a survey highlighting password protection habits, office password “guessing games” and…