Categories: News Tags: AI Tags: ML Tags: LLM Tags: chatgpt Tags: data poisoning Tags: SQL Tags: prompt injection The NCSC has warned about integrating LLMs into your own services or platforms. Prompt injection and data poisoning are just some of…
Category: Malwarebytes Labs
Social Security Numbers leaked in ransomware attack on Ohio History Connection
Categories: News Categories: Ransomware Tags: Ohio History Connection Tags: ransomware Tags: LockBit Tags: SSN Tags: phishing Ohio History Connection acknowledged that in a ransomware attack the attackers may have had access to 7,600 SSNs. (Read more…) The post Social Security…
3 reasons why your endpoint security is not enough
Categories: Business Join our upcoming webinar and learn about weaknesses in your current endpoint security setup and how to address them. (Read more…) The post 3 reasons why your endpoint security is not enough appeared first on Malwarebytes Labs. This…
How “EDR Extra Strength” simplifies traditional EDR complexity
Categories: Business Learn how EDR Extra Strength can help IT teams save time, money, and stop more threats. (Read more…) The post How “EDR Extra Strength” simplifies traditional EDR complexity appeared first on Malwarebytes Labs. This article has been indexed…
Meal delivery service PurFoods announces major data breach
Categories: Business Tags: purfoods Tags: breach Tags: ransomware Tags: data Tags: information We take a look at a breach notice from food delivery service PurFoods. (Read more…) The post Meal delivery service PurFoods announces major data breach appeared first on…
Cisco VPNs without MFA are under attack by ransomware operator
Categories: Business Categories: News Tags: Cisco Tags: VPN Tags: Akira Tags: ransomware Tags: brute-force Tags: credential stuffing Tags: password spraying Several researchers are seeing ransomware attacks targetting Cisco VPNs without MFA (Read more…) The post Cisco VPNs without MFA are…
“An influx of Elons,” a hospital visit, and magic men: Becky Holmes shares more romance scams: Lock and Code S04E18
Categories: Podcast This week on the Lock and Code podcast, we speak with Becky Holmes about how she flips the script on romance scammers, and what more governments should be doing to help. (Read more…) The post “An influx of…
FBI confirms Barracuda patch is not effective for exploited ESG appliances
Categories: Exploits and vulnerabilities Categories: News Tags: Barracuda ESG Tags: CVE-2023-2868 Tags: SEASPY Tags: SUBMARINE Tags: WHIRLPOOL The FBI repeats the warning by Barracuda that all ESG appliances should immediately be replaced because the patch was ineffective. (Read more…) The…
A week in security (August 21 – August 27)
Categories: News Tags: week Tags: security Tags: august Tags: 2023 Tags: trusted advisor Tags: cyrus Tags: A list of topics we covered in the week of August 21 to August 27 of 2023 (Read more…) The post A week in…
2.6 million DuoLingo users have scraped data released
Categories: News Tags: DuoLingo Tags: data breach Tags: email adress Tags: username Tags: real name Using an openly available API, cybercrimnals were able to scrape the data of 2.6 million DuoLingo users. (Read more…) The post 2.6 million DuoLingo users…
Google strengthens its Workplace suite protection
Categories: Business Tags: google Tags: gmail Tags: workplace Tags: protection Tags: sensitive Tags: trigger Tags: business We take a look at how Google is strengthening protections across its Workplace products, and Gmail in particular. (Read more…) The post Google strengthens…
Smart lightbulb and app vulnerability puts your Wi-Fi password at risk
Categories: Business Tags: business Tags: home Tags: personal Tags: router Tags: wi-fi Tags: wireless Tags: network Tags: home Tags: bulb Tags: smart bulb Tags: IoT Tags: app Tags: TP-Link We take a look at reports that a smart lightbulb and…
Update now! Google Chrome’s first weekly update has arrived
Categories: Exploits and vulnerabilities Tags: stable channel Tags: weekly updates Tags: CVE-2023-4427 Tags: CVE-2023-4428 Tags: CVE-2023-4429 Tags: CVE-2023-4430 Tags: CVE-2023-4431 Tags: use after free Tags: out of bounds Tags: heap corruption The first of Chrome’s now weekly security updates fixes…
Teenage members of Lapsus$ ransomware gang convicted
Categories: Business Tags: business Tags: hack Tags: hacked Tags: compromise Tags: lapsus$ Tags: convicted Tags: crime Tags: ransomware Tags: leak Tags: breach A wave of video game developer compromises has come to a court-based conclusion. (Read more…) The post Teenage…
Malwarebytes acquires Cyrus Security
Categories: Personal Cybersecurity isn’t limited to defending against malware anymore; it’s about ensuring your entire digital identity remains unscathed and your private details remain private. (Read more…) The post Malwarebytes acquires Cyrus Security appeared first on Malwarebytes Labs. This article…
Adobe ColdFusion vulnerability exploited in the wild
Categories: Exploits and vulnerabilities Categories: News Tags: Adobe Tags: ColdFusion Tags: CVE-2023-26359 Tags: CVE-2023-26360 Tags: critical Tags: known exploited Tags: deserialization A second Adobe ColdFusion vulnerability that was patched in April has been added to CISA’s known exploited vulnerabilities catalog.…
DarkGate reloaded via malvertising and SEO poisoning campaigns
Categories: Threat Intelligence Tags: darkgate Tags: autoit Tags: malvertising Tags: seo poisoning The new version of the DarkGate malware is currently actively being distributed via malspam, malicious ads and SEO poisoning. (Read more…) The post DarkGate reloaded via malvertising and…
Ivanti Sentry critical vulnerability—don’t play dice, patch
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: Sentry Tags: MobileIron Tags: CVE-2023-38035 Tags: MICS Tags: port 8443 There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the…
Update now! WinRAR files can be abused to run malware
Categories: Exploits and vulnerabilities Categories: News Tags: WinRAR Tags: CVE-2023-40477 Tags: RCE Tags: Windows 11 A new version of WinRAR is available that patches two vulnerabilities attackers could use for remote code execution. (Read more…) The post Update now! WinRAR…
Alert Prioritization and Guided Remediation: The future of EDR
Categories: Business Defeat alert fatigue using specialized threat intelligence. (Read more…) The post Alert Prioritization and Guided Remediation: The future of EDR appeared first on Malwarebytes Labs. This article has been indexed from Malwarebytes Labs Read the original article: Alert…
A week in security (August 14 – August 20)
Categories: News Tags: Augsut 2023 Tags: week in security A list of topics we covered in the week of August 14 to August 20 of 2023 (Read more…) The post A week in security (August 14 – August 20) appeared…
QR codes used to phish for Microsoft credentials
Categories: News Tags: QR codes Tags: attachment Tags: phishing Tags: Bing Tags: Microsoft Tags: credentials Researchers have been monitoring a phishing campaign that uses QR codes and Bing redirects to lead targets to phishing sites. (Read more…) The post QR…
Chrome will soon start removing extensions that may be unsafe
Categories: Personal Tags: chrome Tags: browser Tags: rogue Tags: malicious Tags: malware Tags: extension Tags: remove Tags: delete Tags: uninstall We take a look at news that Chrome will soon start asking users if they want to remove outdated extensions.…
Trusted Advisor puts you in the security driving seat
Categories: Personal Malwarebytes’ new Trusted Advisor makes security easy with a comprehensive, at-a-glance, real-time assessment. (Read more…) The post Trusted Advisor puts you in the security driving seat appeared first on Malwarebytes Labs. This article has been indexed from Malwarebytes…
Exchange Server security updates updated
Categories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: CVE-2023-21709 Tags: August update Tags: re-release Microsoft Exchange Server administrators may have to install a re-released security patch (Read more…) The post Exchange Server security updates updated appeared first on Malwarebytes…
Patch now! Citrix Sharefile joins the list of actively exploited file sharing software
Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: ShareFile Tags: CVE-2023-24489 Tags: RCE Tags: unauthenticated Tags: vulnerability Tags: PoC Citrix ShareFile can be exploited remotely by unauthenticated attackers. (Read more…) The post Patch now! Citrix Sharefile joins the list…
Attackers demand ransoms for stolen LinkedIn accounts
Categories: News Tags: LinkedIn Tags: rambler.ru Tags: MFA Tags: brute-force Tags: credential stuffing LinkedIn support channels are being swamped by users that have been locked out of their accounts. (Read more…) The post Attackers demand ransoms for stolen LinkedIn accounts…
Citrix NetScalers backdoored in widespread exploitation campaign
Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: NetScalers Tags: Germany Tags: CVE-2023-3519 Tags: Fox-IT Tags: DIVD Researchers have found almost 2000 backdoored Citrix NetScalers, many of which were patched after the backdoor in the form of a web…
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Categories: Threat Intelligence Tags: tech support scams Tags: fingerprinting Tags: steganography This tech support scam is one of the most long running and covert ones we have ever seen. (Read more…) The post Catching up with WoofLocker, the most elaborate…
Beware malware posing as beta versions of legitimate apps, warns FBI
Categories: News Tags: FBI Tags: warning Tags: beta-testing Tags: malicious code Tags: crypto recovery Tags: scammers The FBI has issued a warning about two related types of fraud, malicious beta-testing apps and crypto recovery schemes. (Read more…) The post Beware…
Malvertisers up their game against researchers
Categories: Threat Intelligence Tags: malvertising Tags: google Tags: ads Tags: malware Tags: fingerprinting Malicious ads via search engine results page are getting harder to identify thanks to advanced fingerprinting techniques (Read more…) The post Malvertisers up their game against researchers…
Discord.io confirms theft of 760,000 members’ data
Categories: News Tags: Discord.io Tags: Discord Tags: data breach Discord.io has confirmed that personally identifiable information of 760,000 members was stolen in a data breach. The third-party Discord service has been shut down for the time being (Read more…) The…
Ford says it’s safe to drive its cars with a WiFi vulnerability
Categories: Exploits and vulnerabilities Categories: News Tags: Ford Tags: Lincoln Tags: SYNC 3 Tags: CVE-2023-29468 Tags: TI WLink Tags: MCP driver A vulnerability in the SYNC 3 infotainment will not have a negative effect on driving safety, says Ford. (Read…
PCMag ranks Malwarebytes #1 cybersecurity vendor
Categories: Business PCMag readers named Malwarebytes the #1 most-recommended security software vendor in its list of Best Tech Brands for 2023. (Read more…) The post PCMag ranks Malwarebytes #1 cybersecurity vendor appeared first on Malwarebytes Labs. This article has been…
A week in security (August 7 – August 13)
Categories: News Tags: Zoom Tags: YouTube Tags: Chrome Tags: TikTok Tags: ransomware Tags: Cloudflare Tags: robocallers Tags: security advisor A list of topics we covered in the week of August 7 to August 13 of 2023 (Read more…) The post…
A new type of “freedom,” or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17
Categories: Podcast This week on Lock and Code, we speak with Heather Kelly about why how parents are using AirTags to give their kids freedom. (Read more…) The post A new type of “freedom,” or, tracking children with AirTags, with…
Google’s “browse privately” is nothing more than a word play, lawyers say
Categories: News Categories: Privacy Tags: Google Tags: Chrome Tags: Incognito Tags: private mode Tags: fingerprinting Tags: cookies Tags: tracking Private browsing is not what users expect it to be (Read more…) The post Google’s “browse privately” is nothing more than…
YouTube makes sweeping changes to tackle spam on Shorts videos
Categories: News Tags: YouTube Tags: shorts Tags: video Tags: spam Tags: scam Tags: comments Tags: replies Tags: block Tags: remove YouTube is making drastic changes to combat a a growing tide of spam comments on the Shorts video category. (Read…
Old exploit kits still kicking around in 2023
Categories: Threat Intelligence Tags: exploit kits Tags: eks Tags: rigek Tags: purplefoxek Internet Explorer may be a thing of the past, but there are still users and threat actors trying to deliver drive-by downloads. (Read more…) The post Old exploit…
Several hospitals still counting the cost of widespread ransomware attack
Categories: News Tags: hospital Tags: healthcare Tags: ransomware Tags: hijack Tags: network Tags: compromise Tags: data Tags: ambulance Tags: service Tags: redirect A widespread ransomware attack affecting 16 hospitals last week has led to ongoing cleanup efforts. (Read more…) The…
Zoom clarifies user consent requirement when training its AI
Categories: News Categories: Privacy Analysis of the Zoom Terms of Service caused users to believe their video conferences were being used to train an AI (Read more…) The post Zoom clarifies user consent requirement when training its AI appeared first…
August Patch Tuesday stops actively exploited attack chain and more
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more…) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes…
Ransomware review: August 2023
Categories: Threat Intelligence July saw one of the highest number of ransomware attacks in 2023 at 441. At the forefront of these attacks is, once again, Cl0p. (Read more…) The post Ransomware review: August 2023 appeared first on Malwarebytes Labs.…
Voter data stolen in UK Electoral Commission systems breach
Categories: Personal Tags: electoral commission Tags: election Tags: voting Tags: vote Tags: record Tags: roll Tags: register Tags: breached Tags: compromise Tags: uk Tags: opt-out We take a look at reports that the UK’s electoral commission has been breached, and…
Cloudflare Tunnel increasingly abused by cybercriminals
Categories: News Tags: Cloudflare Tunnel Tags: cloudflared Tags: rdp Tags: https Tags: smb Tags: ssh Researchers have found that cybercriminals are shifting to Cloudflare Tunnel to hide and anonymize their nefarious activities. (Read more…) The post Cloudflare Tunnel increasingly abused…
Facial recognition tech lands innocent woman with bogus carjacking charge
Categories: Personal Tags: facial recognition Tags: surveillance Tags: Detroit Tags: police Tags: law enforcement Tags: mistaken identity Tags: wrong Tags: flagged Tags: carjacking Tags: robbery Tags: phone We take a look at another case of facial recognition technology getting it…
Digital assets continue to be prime target for malvertisers
Categories: Threat Intelligence Tags: malvertising Tags: nft Tags: crypto Tags: wallet Tags: bing Tags: google NFT enthusiasts are getting their wallets drained after clicking on a malicious ad. (Read more…) The post Digital assets continue to be prime target for…
Server breach could be fatal blow for LetMeSpy
Categories: Personal Tags: letmespy Tags: stalkerware Tags: spy Tags: snoop Tags: install Tags: data Tags: breach Tags: hacked We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion…
A week in security (July 31 – August 6)
Categories: News Tags: Ivanti Tags: Meta Tags: Teams Tags: ransomware rollback Tags: AMP Tags: Minecraft Tags: Barracuda A list of topics we covered in the week of July 31 to August 6 of 2023 (Read more…) The post A week…
New Security Advisor amps up security in minutes
Categories: Business The new feature provides comprehensive health score that assesses the quality of your Nebula implementation. (Read more…) The post New Security Advisor amps up security in minutes appeared first on Malwarebytes Labs. This article has been indexed from…
2022’s most routinely exploited vulnerabilities—history repeats
Categories: Exploits and vulnerabilities Categories: News Tags: Zoho ManageEngine Tags: CVE-2021-40539 Tags: Log4Shell Tags: CVE-2021-44228 Tags: CVE-2021-13379 Tags: ProxyShell Tags: CVE-2021-34473 Tags: CVE-2021-31207 Tags: CVE-2021-34523 Tags: CVE-2021-26084 Tags: Atlassian Tags: CVE-2022-22954 Tags: CVE-2022-22960 Tags: CVE-2022-26134 Tags: CVE-2022-1388 Tags: CVE-2022-30190 Tags:…
FCC comes down hard on robocallers with record $300m fine
Categories: Personal Tags: FCC Tags: FTC Tags: robocall Tags: cold caller Tags: calling Tags: phone Tags: do not call Tags: block Tags: fine We take a look at a record fine issued by the FCC in relation to a prolific…
TikTok facing fines for violating children’s privacy
Categories: News Categories: Privacy Tags: tiktok Tags: privacy Tags: gdpr Tags: children Tags: under 13 TikTok is looking at yet another fine… (Read more…) The post TikTok facing fines for violating children’s privacy appeared first on Malwarebytes Labs. This article…
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Categories: Business Categories: News Tags: Microsoft Teams Tags: social engineering Tags: bypass Tags: MFA Tags: authenticator Attackers are using Microsoft Teams chats from compromised Microsft 365 tenants as credential theft phishing lures (Read more…) The post Microsoft Teams used in…
The end looms for Meta’s behavioural advertising in Europe
Categories: Personal Tags: meta Tags: Facebook Tags: EU Tags: legal Tags: litigation Tags: behavioural Tags: advertising Tags: tracking We take a look at what appears to be the beginning of the end for Meta’s behavioural advertising in Europe. (Read more…)…
Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report
Categories: Threat Intelligence Ransomware gangs are also starting to focus on exploiting zero-days for initial access. (Read more…) The post Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report appeared first on Malwarebytes Labs. This…
Hey, are you REALLY ready to go on vacation? (No, you aren’t)
Categories: Awareness Categories: Explained Categories: News We’ve made a handy flow chart to help IT and security folk decide if they’re ready to go on vacation. (Read more…) The post Hey, are you REALLY ready to go on vacation? (No,…
How to protect your child’s identity
Categories: News Categories: Personal Tags: Children Tags: identity Tags: theft Tags: protection Tags: SSN Tags: COPPA Identity theft is a serious problem, especially when it affects children. (Read more…) The post How to protect your child’s identity appeared first on…
FAQ: How does Malwarebytes ransomware rollback work?
Categories: Business Malwarebytes Ransomware Rollback rescues your data from encryption by effectively “turning back the clock” of a ransomware attack. But how does it work, exactly? (Read more…) The post FAQ: How does Malwarebytes ransomware rollback work? appeared first on…
Film companies lose battle to unmask Reddit users
Categories: Personal Tags: reddit Tags: copyright Tags: piracy Tags: court Tags: case Tags: movie Tags: film Tags: producer Tags: pirate Tags: torrent Tags: steal Tags: theft Tags: download Tags: IP A Judge has thrown out a case where multiple movie…
Ivanti patches second zero-day vulnerability being used in attacks
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35081 Tags: CVE-2023-35078 Tags: tomcat Tags: arbitrary file write Tags: ACL Tags: upgrade Ivanti has issued a patch to address a second critical zero-day vulnerability (Read more…)…
Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability
Categories: Personal Tags: Minecraft Tags: mod Tags: forge Tags: players Tags: vulnerability Tags: RCE Tags: bleedingpipe Tags: malware Minecraft players interested in modding are at risk from a remote code execution vulnerability targeting both players and servers. (Read more…) The…
Public companies must now disclose breaches within 4 days
Categories: Business Tags: SEC Tags: filing Tags: file Tags: breach Tags: breaches Tags: US Tags: cyber attack Tags: disclosure Tags: notification Tags: public We take a look at news that a new SEC rule will require public organisations impacted by…
A week in security (July 24 – July 30)
Categories: News Tags: week Tags: security Tags: 2023 Tags: July A list of topics we covered in the week of July 24 to July 30 of 2023 (Read more…) The post A week in security (July 24 – July 30)…
Supply chain attacks disrupt emergency services communications
Categories: Business Tags: supply chain Tags: attack Tags: ambulance Tags: trust Tags: communications Tags: service Tags: disrupt We take a look at a supply chain attack which disrupted two UK-based ambulance service’s ability to access customer records. (Read more…) The…
Meta subsidiaries must pay $14m over misleading data collection disclosure
Categories: Business Tags: VPN Tags: meta Tags: Facebook Tags: data Tags: disclosure Tags: australia Tags: australian Tags: traffic We take a look at reports that Meta subsidiaries have been ordered to pay a sizeable fine relating to disclosure issues for…
Zimbra issues awaited patch for actively exploited vulnerability
Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: ZCS Tags: CVE-2023-38750 Tags: CISA Tags: CVE-2023-0464 Tags: TAG Tags: XSS Tags: JSP Tags: XML Tags: Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that…
Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
Categories: Exploits and vulnerabilities Categories: News Tags: Norwegian ministries Tags: ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35078 Tags: patch A patch is now available for an Ivanti EPMM vulnerability that was used in a cyberattack on the ICT platform which…
Ransomware groups claim responsibility for double-attack on Yamaha
Categories: Business Tags: ransomware Tags: blackbyte Tags: Akira Tags: group Tags: compromised Tags: data Tags: blackmail Tags: extortion Tags: attack Tags: Yamaha Tags: Canada Tags: music Tags: audio We take a look at claims that Yamaha has been compromised by…
60,000 Androids have stalkerware-type app Spyhide installed
Categories: News Categories: Privacy Tags: stalkerware Tags: carew Tags: spyhide A hacktivist was able to grab all the data from a stalkerware operator and shared the method and the findings. (Read more…) The post 60,000 Androids have stalkerware-type app Spyhide…
Tampa General Hospital half thwarts ransomware attack, but still loses patient data
Categories: News Categories: Ransomware Tags: Tampa Tags: General Hospital Tags: Snatch Tags: ransomware Tags: RDP Tags: data breach The Tampa General Hospital has promised to reach out to the individuals whose information has been stolen by the Snatch ransomware group.…
How to set up computer security for your parents
Categories: News Categories: Personal Tags: parents Tags: cybersecurity Tags: chromebook Tags: auto updates Tags: urgent notifications Tags: remote desktop Tags: router Tags: block list Tags: encryption Here are some tips that you can use to set up a secure environment…
Update now! Apple fixes several serious vulnerabilities
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: WebKit Tags: CVE-2023-38606 Tags: CVE-2023-32409 Tags: CVE-2023-37450 Tags: CVE-2023-32416 Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. (Read more…) The post…
A week in security (July 17 – 23)
Categories: News Tags: week in security Tags: malwarebytes Tags: July Tags: 2023 A list of topics we covered in the week of July 17 to July 23 of 2023 (Read more…) The post A week in security (July 17 –…
Estée Lauder targeted by Cl0p and BlackCat ransomware groups
Categories: Business Tags: Estée Lauder Tags: Cl0p Tags: BlackCat Tags: ransomware Tags: compromise Tags: attack Tags: breach Tags: blackmail Tags: threat We take a look at reports of cosmetics firm Estée Lauder being attacked by the Cl0p and BlackCat ransomware…
CISA: You’ve got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519
Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: NetScaler Tags: CVE-2023-3519 Tags: web shell A critical unauthenticated remote code execution vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway is being actively exploited (Read more…) The post CISA: You’ve…
Amazon in-van delivery driver footage makes its way online
Categories: News Tags: driver Tags: delivery Tags: amazon Tags: van Tags: camera Tags: recording Tags: footage Tags: online Tags: privacy In-van delivery driver footage is reportedly finding its way to the internet. Are privacy issues at play, or is a…
Accidental VirusTotal upload is a valuable reminder to double check what you share
Categories: Business Tags: upload Tags: download Tags: share Tags: data Tags: intelligence Tags: google Tags: virustotal Tags: social media Tags: sharing Tags: document Tags: file Tags: files We take a look at reports of a document being accidentally shared to…
Google fixes “Bad.Build” Cloud Build flaw, researchers say it’s not enough
Categories: Exploits and vulnerabilities Categories: News Researchers have uncovered a privilege escalation vulnerability in Google Cloud Build that could enable malicious actors tamper with application images and infect users. (Read more…) The post Google fixes “Bad.Build” Cloud Build flaw, researchers…
Microsoft validation error allowed state actor to access user email of government agencies and others
Categories: News Tags: Microsoft. MSA Tags: OWA Tags: validation token Tags: signing key Tags: Storm-0556 Tags: GetAccessTokensForResource Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including…
Plane sailing for ticket scammers: How to keep your flight plans safe
Categories: Personal Tags: plane Tags: ticket Tags: holiday Tags: flight Tags: airplane Tags: aeroplane Tags: scam Tags: phish Tags: phishing Tags: social engineering We take a look at several scams targeting flyers off on their holidays, and how you can…
Docker Hub images found to expose secrets and private keys
Categories: Awareness Categories: News Tags: Docker Tags: Docker Hub Tags: containerization Tags: secrets Tags: exposed Researchers have found that numerous Docker images shared on Docker Hub expose sensitive data. (Read more…) The post Docker Hub images found to expose secrets…
FakeSG enters the ‘FakeUpdates’ arena to deliver NetSupport RAT
Categories: Threat Intelligence Tags: fakeupdates Tags: socgholish Tags: netsupport Tags: RAT A new campaign leveraging compromised WordPress sites emerges with another fake browser update. (Read more…) The post FakeSG enters the ‘FakeUpdates’ arena to deliver NetSupport RAT appeared first on…
A week in security (July 10 – 16)
Categories: News Tags: week Tags: security Tags: July Tags: 2023 A list of topics we covered in the week of July 10 to July 16 of 2023 (Read more…) The post A week in security (July 10 – 16) appeared…
Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
Categories: Podcast This week on Lock and Code, we speak with maia arson crimew about the hack of the monitoring app LetMeSpy, which many have labeled as stalkerware. (Read more…) The post Spy vs. spy: Exploring the LetMeSpy hack, with…
Act now! In-the-wild Zimbra vulnerability needs a workaround
Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: MalasLocker Tags: vulnerability Tags: Google Tags: actively exploited Tags: fn:escapeXml Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the…
Malwarebytes stops 100% of Advanced Threats in latest AV-Test assessment
Categories: Business The test evaluates products against the latest techniques used by data stealers and ransomware. (Read more…) The post Malwarebytes stops 100% of Advanced Threats in latest AV-Test assessment appeared first on Malwarebytes Labs. This article has been indexed…
Ransomware making big money through “big game hunting”
Categories: Business Tags: business Tags: ransomware Tags: crypto Tags: cryptocurrency Tags: digital Tags: payment Tags: extortion Tags: gang Tags: group Tags: big game hunting We take a look at reports that claim ransomware is making big money in 2023. (Read…
Tax preparation firms shared sensitive information with Meta
Categories: News Categories: Privacy Tags: tax preparation Tags: Meta Tags: Pixel Tags: Markup Tax preparation firms shared personal and financial information with social media giant Meta (Read more…) The post Tax preparation firms shared sensitive information with Meta appeared first…
Zero-day deploys remote code execution vulnerability via Word documents
Categories: Business Tags: microsoft Tags: zero-day Tags: exploit Tags: CVE-2023-36884 Tags: storm-0978 Tags: email Tags: phish Tags: phishing Tags: Ukraine We take a look at reports of an exploit being deployed via booby trapped Word documents. (Read more…) The post…
Ransomware review: July 2023
Categories: Threat Intelligence Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang. (Read more…) The post Ransomware review: July 2023 appeared first on Malwarebytes Labs.…
From Malvertising to Ransomware: A ThreatDown webinar recap
Categories: Business Get the low-down on our recent webinar From Malvertising to Ransomware. (Read more…) The post From Malvertising to Ransomware: A ThreatDown webinar recap appeared first on Malwarebytes Labs. This article has been indexed from Malwarebytes Labs Read the…
Criminals target businesses with malicious extension for Meta’s Ads Manager and accidentally leak stolen accounts
Categories: Threat Intelligence Tags: Meta Tags: Facebook Tags: malware Tags: ads manager Tags: chrome Tags: extension A group of criminals is actively targeting Facebook business users to gain access to their advertising accounts via malicious Chrome extensions. But we spotted…
Proposed Massachusetts law to ban sale of your mobile location data
Categories: News Categories: Personal Tags: mobile Tags: cellphone Tags: location Tags: locational Tags: sale Tags: selling Tags: broker Tags: data Tags: tracking Tags: anonymous A proposed law would ban brokers from selling mobile location data in Massachusetts. (Read more…) The…
Update now! Microsoft patches a whopping 130 vulnerabilities
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Apple Tags: Android Tags: Cisco Tags: Fortinet Tags: MOVEit Tags: Mozilla Tags: SAP Tags: VMware Tags: CVE-2023-32049 Tags: CVE-2023-35311 Tags: CVE-2023-32046 Tags: CVE-2023-36874 Tags: CVE-2023-36844 For the July 2023…
How to secure your business before going on vacation
Categories: Business Are you a critical security expert for your organization? Are you also going on vacation? Here’s how to ensure your time away from the office doesn’t get interrupted with a security incident. (Read more…) The post How to…
Threatening rogue finance apps removed from the Apple Store
Categories: Personal Tags: app Tags: finance Tags: india Tags: loan Tags: rogue Tags: Apple Store Tags: play store Tags: google Tags: threaten Tags: blackmail Tags: sextortion Tags: fake Tags: deepfake Tags: deepfakes Tags: morph Multiple finance apps have been removed…
“TootRoot” Mastodon vulnerabilities fixed: Admins, patch now!
Categories: Personal Tags: tootroot Tags: mastodon Tags: server Tags: patch Tags: update Tags: CVE Tags: flaw Tags: vulnerability Tags: social media Tags: network Tags: networking We take a look at a collection of issues (now patched) which were affecting Mastodon…
Apple issues Rapid Security Response for zero-day vulnerability
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: Safari Tags: WebKit Tags: macOS Tags: iOS Tags: iPadOs Tags: CVE-2023-37450 Tags: drive-by Tags: code execution Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which…
A week in security (July 3 – 9)
Categories: News Tags: week Tags: security Tags: July 2023 A list of topics we covered in the week of July 3 to July 9 of 2023 (Read more…) The post A week in security (July 3 – 9) appeared first…