AcidRain, a wiper that crippled routers and modems in Europe
Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security...
News
Zyxel fixes a critical bug in its business firewall and VPN devices
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment...
CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to...
Flaws in Wyze cam devices allow their complete takeover
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds....
Lazarus Trojanized DeFi app for delivering malware
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency...
MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks
Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and...
Apple issues emergency patches to fix actively exploited zero-days
Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released...
Phishers make a date with your calendar apps
Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the...
Tech support scam campaign targets Japanese visitors to PornHub
The Malwarebytes Threat Intelligence team has identified a malvertising campaign targeting Japanese users. The campaign they discovered was found to...
URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users
There’s a flaw in the way many of the world’s most popular messaging and email platforms—such as Facebook Messenger, Instagram,...
Google TAG details cyber activity with regard to the invasion of Ukraine
The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided...
Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia
The Anonymous collective hacked the Russian investment firm Thozis Corp, but it’s a mystery the attack against the Russian Civil...
Ukraine shuts down disinformation bot farm
Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G,...
Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring
An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a...
Bad OPSEC allowed researchers to uncover Mars stealer operation
The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. Morphisec...
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)...
A critical RCE vulnerability affects SonicWall Firewall appliances
SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security...
CISA and DoE warns of attacks targeting UPS devices
The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The...
Lapsus$ extortion gang claims to have hacked IT Giant Globant
The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked tens of gigabytes of stolen data. The...
Update now! Google launches Chrome version 100 and fixes 28 vulnerabilities
Google has launched Chrome version 100 which, among other things, fixes 28 vulnerabilities. Other new security features include Safety Check,...
“A little gift for you” SMS spam appears to come from your own phone number
If you’ve received a spam SMS message sent from your own phone number, don’t panic. No, you weren’t hacked. And...
Watch out for LinkedIn fakes who want to get connected
Despite continued warnings of deepfake chaos during major events, things haven’t worked out the way some thought. Those video deepfakes...
Threat actors actively exploit recently fixed Sophos firewall bug
Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed...
$625M stolen from Axie Infinity ‘s Ronin bridge, the largest ever crypto hack
Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity ‘s Ronin network bridge....
