Aggregator

A newly demonstrated attack technique has revealed a flaw in how Windows Defender manages its update and execution mechanism. By exploiting symbolic links, attackers can hijack Defender’s service folders, gain full control over its executables, and even disable the antivirus entirely. How the Exploit Works Windows Defender stores its executables inside versioned folders under ProgramData\Microsoft\Windows Defender\Platform. […]

The post Windows Defender Vulnerability Lets Hackers Hijack and Disable Services Using Symbolic Links appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

Nearly 500 scientists and researchers have signed an open letter warning that the latest version of the EU’s Chat Control Proposal would weaken digital security while failing to deliver meaningful protection for children. The signatories represent 34 countries and include well-known cryptographer Bart Preneel of KU Leuven, along with researchers from leading institutions such as ETH Zurich, Johns Hopkins University, and the Max Planck Institute for Security and Privacy. The letter responds to a revised … More →

The post Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal appeared first on Help Net Security.

The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent threat group continues to focus on South Korean individuals connected to the North Korean regime […]

The post APT37 Deploys New Rust and Python Malware Targeting Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

You must login to view this content

Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for the purposes of malicious activity such as credential theft, infostealing and ransomware deployment,” Arctic Wolf researchers noted. Delivering malware without triggering alerts or suspicion The campaign, which has apparently been running for over half a year, involves a … More →

The post Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers appeared first on Help Net Security.