Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot...
News
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short...
Active Exploitation of Critical Vulnerability in JetBrains TeamCity On-Premises
JetBrains has released updates addressing a critical vulnerability (CVE-2023-42793) in their TeamCity On-Premises. The vulnerability is reportedly being actively exploited...
Hong Kong Residents Targeted In Malvertising Campaigns For Whatsapp Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users....
Malvertising Via Dynamic Search Ads Delivers Malware Bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally...
Malvertiser Copies Pc News Site To Deliver Infostealer
The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that...
Credit Card Skimming On The Rise For The Holiday Shopping Season
As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for...
Atomic Stealer Distributed To Mac Users Via Fake Browser Updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
Ransomware Review December 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Associated Press Espn Cbs Among Top Sites Serving Fake Virus Alerts
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one...
Ransomware Review November 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Ten New Android Banking Trojans Targeted 985 Bank Apps In 2023
This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading...
New Nkabuse Malware Abuses Nkn Blockchain For Stealthy Comms
A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for...
Ledger Dapp Supply Chain Attack Steals 600k From Crypto Wallets
Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit'...
Microsoft Disrupts Cybercrime Gang Behind 750 Million Fraudulent Accounts
Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent...
Ubiquiti Users Report Having Access To Others Unifi Routers Cameras
12/14/23 update with information from Ubiquiti added below. Since yesterday, users of Ubiquiti networking devices, ranging from routers to security...
Discord Adds Security Key Support For All Users To Enhance Security
Discord has made security key multi-factor authentication (MFA) available for all accounts on the platform, bringing significant security and anti-phishing...
Us Nuclear Research Lab Data Breach Impacts 45 000 People
The Idaho National Laboratory (INL) confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its...
Kraft Heinz Investigates Hack Claims Says Systems Operating Normally
Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after...
Protect Your Active Directory From These Password Based Vulnerabilities
Active Directory (AD) is a highly attractive target for threat actors due to its critical role as the identity (or...
Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies
Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to...
New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities
A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor...
Microsoft Targets Prolific Outlook Fraudster Storm-1152
Microsoft has gone after a prolific Vietnam-based threat group it describes as “the number one seller and creator” of fake...
