Over Security

Over Security

33573 bookmarks
Custom sorting
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.
·bleepingcomputer.com·
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Microsoft removes Support and Recovery Assistant from Windows
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10.
·bleepingcomputer.com·
Microsoft removes Support and Recovery Assistant from Windows
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks.
·bleepingcomputer.com·
Microsoft links Medusa ransomware affiliate to zero-day attacks
Drift $280M crypto theft linked to 6-month in-person operation
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem."
·bleepingcomputer.com·
Drift $280M crypto theft linked to 6-month in-person operation
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday.
·bleepingcomputer.com·
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
Why Simple Breach Monitoring is No Longer Enough
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks.
·bleepingcomputer.com·
Why Simple Breach Monitoring is No Longer Enough
North Korea Spent 6 Months Infiltrating Drift Protocol Only to Drain $285M in 12 Mins
North Korea Spent 6 Months Infiltrating Drift Protocol Only to Drain $285M in 12 Mins
The message Drift Protocol posted to X on April 1, opened with an unusual disclaimer: "This is not an April Fools joke." Within hours, the reason became clear. A $285 million exploit had wiped out more than half of the Solana-based decentralized perpetual futures exchange's total value.
·thecyberexpress.com·
North Korea Spent 6 Months Infiltrating Drift Protocol Only to Drain $285M in 12 Mins
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and…
·krebsonsecurity.com·
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab