Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2
Technology
Realme Narzo 50A Prime has been launched in Indonesia. The new smartphone sports a 6.6-inch full-HD+ display that offers 600 nits of peak brightness. Realme Narzo 50A Prime is powered by a Unisoc T612 SoC, paired with 4GB of RAM and up to 128GB of onboard storage. The smartphone features an AI triple rear camera
A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single
OnePlus 10 Pro was recently teased by the company to launch soon in India. This flagship offering is powered by a Snapdragon 8 Gen 1 SoC, paired with up to 12GB of RAM. The Chinese tech giant is soon expected to confirm the launch date of the OnePlus 10 Pro. OnePlus is also planning the
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the
Oppo A96 and Oppo A76 were launched in India on Monday. Both Oppo phones come with a hole-punch display design and are equipped with an octa-core Qualcomm Snapdragon 680 SoC. The phones also have 33W fast charging support and carry dual rear cameras. However, the Oppo A96 carries a large full-HD+ display, whereas the Oppo
OnePlus 10 Pro — the upcoming flagship smartphone from the Chinese company — is set to debut in global markets later this month. Ahead of the launch, the company has teased the launch of a new smartphone in India, which can be safely assumed to be none other than the OnePlus 10 Pro. The premium
Oppo K10 specifications have been shared by a tipster, giving us an idea of what to expect from the upcoming smartphone. The Chinese company recently confirmed that the Oppo K10 will launch on March 23. Oppo has also teased some of the specifications of the handset, revealing that it will be powered by a Snapdragon
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. “Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral
The Security Service of Ukraine (SBU) said it has detained a “hacker” who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take
As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. “By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday. “One worm
In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet’s “main purpose is to build an
Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that
Samsung Galaxy A53 5G and Galaxy A33 5G were launched at the company’s Galaxy A Event on Thursday (March 17). While the Galaxy A53 5G is the descendant of the Galaxy A52 5G that was launched in last March, the Galaxy A33 5G comes as the successor to the Galaxy A32 5G that debuted in
Redmi K50 Pro and Redmi K50 were launched by Xiaomi on Thursday. The smartphones are the flagship models of the Redmi brand, and feature top-end MediaTek SoCs, apart from liquid cooling tech, as well as 120Hz refresh rate and Dolby Vision capable 2K resolution displays. The two 5G-enabled smartphones are currently up for pre-booking, and