CISA Warns Samsung Handset Bugs and D-Link Router Flaws are Being Exploited in Wild
The most severe Samsung bug is a vulnerability (CVE-2021-25487) classified as an out-of-bounds read error impacting the handset modem interface driver. The flaw can lead to arbitrary code execution by an adversary. Both Samsung and NIST classified the bug as “high severity”. Read More

US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
The US Army says soldiers say unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks. Read More

Chatgpt Creates Mutating Malware That Evades Detection By Edr
Mutating, or polymorphic, malware can be built using the ChatGPT API at runtime to effect advanced attacks that can evade endpoint detections and response (EDR) applications. Read More

Studies Show Ransomware Has Already Caused Patient Deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Read More

Three-Quarters of Firms Predict Breach in Coming Year
Most said it was “somewhat to very likely” that they’d suffer a breach of customer data (70%) or IP (69%), or a successful cyber-attack (78%). Read More

US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. Read More

Windows Zero-Day Exploited by Cybercriminals in Ransomware Attacks
The issue is an unspecified vulnerability in the CLFS driver that allows for privilege escalation. A local attacker can exploit this vulnerability to gain SYSTEM privileges. The vulnerability is easy to exploit and could be triggered without user interaction. Read More

Outlook Zero-Day Needs Quick Patching: Microsoft
The privilege elevation/authentication affects all supported versions of Microsoft Outlook for Windows, including Microsoft 365, Microsoft Office 2019, Microsoft Outlook 2016, and Microsoft Outlook 2013. Read More

Microsoft Lays off Team Responsible for AI Ethics
What was left of the team has now been wiped out completely. Read More

Cybercrime Groups Offer Six-Figure Salaries, bonuses, Paid Time Off to Attract Talent on Dark Web
Cybercriminals are offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers. Read More