Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)

Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions. About the vulnerabilities (CVE-2022-29799, CVE-2022-29800) CVE-2022-29799 is a directory traversal bug; CVE-2022-29800 is a time-of-check-time-of-use (TOCTOU) race condition […]

Continue Reading

How hackers could use popular virtual reality headsets to steal sensitive information

Researchers at Rutgers University-New Brunswick have published “Face-Mic,” the first work examining how voice command features on virtual reality headsets could lead to major privacy leakages, known as eavesdropping attacks. The research shows that hackers could use popular virtual reality (AR/VR) headsets with built in motion sensors to record subtle, speech-associated facial dynamics to steal […]

Continue Reading

Preventing software security vulnerabilities with automation

A team of UTSA researchers is exploring how a new automated approach could prevent software security vulnerabilities. The team sought to develop a deep learning model that could teach software how to extract security policies automatically. Unlike traditional software models, the agile software development process is meant to produce software at a faster pace, eliminating […]

Continue Reading

Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks

Main facts Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt for corporate credentials, aiming to commit financial fraud or to sell them to other malicious actors. Spearphishing emails with malicious attachments sent from compromised corporate mailboxes to their contacts. The attackers use off-the-shelf spyware, but […]

Continue Reading

How and why do we attack our own Anti-Spam?

We often use machine-learning (ML) technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to “fool” them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, it is vital that we know about all potential vulnerabilities in […]

Continue Reading