Globant suffers network breach due to LAPSUS$ compromise
Globant, an IT and software development firm with offices all around the globe, recently admitted in a press statement Wednesday...
News
Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited
Apple has released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1. The update...
Hive ransomware impacts California non-profit health organisation
Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this...
Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues...
AcidRain, a wiper that crippled routers and modems in Europe
Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security...
Zyxel fixes a critical bug in its business firewall and VPN devices
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment...
CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to...
Flaws in Wyze cam devices allow their complete takeover
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds....
Lazarus Trojanized DeFi app for delivering malware
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency...
MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks
Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and...
Apple issues emergency patches to fix actively exploited zero-days
Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released...
Phishers make a date with your calendar apps
Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the...
Tech support scam campaign targets Japanese visitors to PornHub
The Malwarebytes Threat Intelligence team has identified a malvertising campaign targeting Japanese users. The campaign they discovered was found to...
URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users
There’s a flaw in the way many of the world’s most popular messaging and email platforms—such as Facebook Messenger, Instagram,...
Google TAG details cyber activity with regard to the invasion of Ukraine
The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided...
Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia
The Anonymous collective hacked the Russian investment firm Thozis Corp, but it’s a mystery the attack against the Russian Civil...
Ukraine shuts down disinformation bot farm
Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G,...
Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring
An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a...
Bad OPSEC allowed researchers to uncover Mars stealer operation
The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. Morphisec...
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)...
A critical RCE vulnerability affects SonicWall Firewall appliances
SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security...
CISA and DoE warns of attacks targeting UPS devices
The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The...
Lapsus$ extortion gang claims to have hacked IT Giant Globant
The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked tens of gigabytes of stolen data. The...
Update now! Google launches Chrome version 100 and fixes 28 vulnerabilities
Google has launched Chrome version 100 which, among other things, fixes 28 vulnerabilities. Other new security features include Safety Check,...
