US-CERT Bulletin (SB23-037):Vulnerability Summary for the Week of January 30, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
News
Ransomware review: February 2023
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead...
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat"...
North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign
A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in...
Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry
A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as...
New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities
The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon...
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited...
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that...
Cybersecurity Budgets Are Going Up. So Why Aren’t Breaches Going Down?
Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost...
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code...
Ransomware in December 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
US-CERT Bulletin (SB23-030):Vulnerability Summary for the Week of January 23, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Analyzing and remediating a malware infested T95 TV box from Amazon
A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat...
U.S. sues Google for abusing dominance over online ad market
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online...
Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code...
Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords,...
FBI: North Korean hackers stole $100 million in Harmony crypto hack
The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100...
Russia’s largest ISP says 2022 broke all DDoS attack records
Russia's largest internet service provider Rostelecom says 2022 was a record year for Distributed denial of service attacks (DDoS) targeting...
75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion....
VMware fixes critical security bugs in vRealize log analysis tool
VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution...
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch....
Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage...
