article thumbnail

TP-Link Router Botnet

Schneier on Security

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically.

article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Patch Tuesday, February 2023 Edition

Krebs on Security

Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver , which is present in Windows 10 and 11 systems, as well as many server versions of Windows. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Apple on Feb.

article thumbnail

Microsoft Patch Tuesday, December 2023 Edition

Krebs on Security

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. Among the critical bugs quashed this month is CVE-2023-35628 , a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. For example, CVE-2023-35636 , which Microsoft says is an information disclosure vulnerability in Outlook.

Internet 274
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). In this eBook, we will look at the 2023 report and explore the most important cybersecurity stats and how to prevent them.

article thumbnail

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Krebs on Security

On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206 , which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code. Both vulnerabilities are addressed in iOS/iPadOS 16.4.1,

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. The top 5 new gTLDs, ranked by cybercrime domains reported.