Addressing Cyber Risk with a Unified Platform
Hear from guest speaker, Forrester analyst, Allie Mellen, as she shares insights and advice on the factors firms should consider...
News
Karakurt extortion group: Threat profile
The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released...
Instagram scam steals your selfies to trick your friends
What would you do if a friend of yours set up a NSFW account, and then used it to follow...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that “multiple adversaries and nation-state actors” are making use of the recent Atlassian Confluence RCE vulnerability. A...
Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)
Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula...
Don’t panic! “Unpatchable” Mac vulnerability discovered
Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized...
API Security Best Practices
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly...
SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases
Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. Researchers from...
Experts spotted Syslogk, a Linux rootkit under development
Experts spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the...
US-CERT Bulletin (SB22-164):Vulnerability Summary for the Week of June 6, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability
Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s...
Taking down the IP2Scam tech support campaign
Tech support scams follow a simple business model that has not changed much over the years. After all, why change...
GALLIUM APT used a new PingPull RAT in recent campaigns
China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in recent cyber espionage campaign targeting South Asia, Europe,...
Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has...
HelloXD Ransomware operators install MicroBackdoor on target systems
Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available...
A week in security (June 6 – June 12)
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for UkraineMicrosoft autopatch is here…but can you use it?Prometheus...
Using WiFi connection probe requests to track users
Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics...
Security Affairs newsletter Round 369 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers
Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware...
HID Mercury Access Controller flaws could allow to unlock Doors
Experts found vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security...
Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal
Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The...
PACMAN, a new attack technique against Apple M1 CPUs
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems....
Amazon EKS vs Azure Kubernetes Service
Managed Kubernetes services help organizations deploy, configure, and manage Kubernetes clusters. This article compares two of the biggest service providers:...
