Watch out for LinkedIn fakes who want to get connected
Despite continued warnings of deepfake chaos during major events, things haven’t worked out the way some thought. Those video deepfakes...
News
Threat actors actively exploit recently fixed Sophos firewall bug
Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed...
$625M stolen from Axie Infinity ‘s Ronin bridge, the largest ever crypto hack
Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity ‘s Ronin network bridge....
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the...
How CISOs can Mitigate Cryptomining Malware
Learn more about cloud-based cryptomining, its repercussions, and how CISOs can create an effective risk mitigation strategy for this threat....
New spear phishing campaign targets Russian dissidents
This blog post was authored by Hossein Jazi. Several threat actors have taken advantage of the war in Ukraine to...
Compromised WordPress sites launch DDoS on Ukrainian websites
Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited,...
Attacks on Ukraine communications are a major part of the war
Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks....
Looking over your shoulder: when small mistakes have big consequences
People up to no good get themselves caught in an endless number of ways. This has always been the case...
Satellites are critical infrastructure and need to be cybersecured
In the context of this article we will use the term satellite for a machine that is launched into space...
CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog. The...
What is credential stuffing? And how to prevent it?
This post explains what is a credential stuffing attack and which are the countermeasures to prevent them. A credential stuffing...
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March...
Anonymous is working on a huge data dump that will blow Russia away
The Anonymous collective hacked the Russian construction company Rostproekt and announced that a leak that will Blow Russia Away. Anonymous...
Terraform Tutorial: Drift Detection Strategies
A fundamental challenge of architecture built using tools like Terraform is configuration drift. Check out these actionable strategies and steps...
US-CERT Bulletin (SB22-087):Vulnerability Summary for the Week of March 21, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Hive ransomware ports its encryptor to Rust programming language
The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation...
Telling stories securely, with Runa Sandvik: Lock and Code S03E07
In 2017, a former NSA contractor named Reality Winner was arrested for allegedly leaking an internal report to the online...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
The Muhstik botnet has been observed targeting Redis servers exploiting the recently disclosed CVE-2022-0543 vulnerability. Muhstik is a botnet that is...
Update now! Google releases emergency patch for Chrome zero-day used in the wild
Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a...
Tech support fraud is still very much alive, says latest FBI report
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. In 2021, IC3 continued to receive a record...
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio
While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous...
A week in security (March 21 – 27)
Last week on Malwarebytes Labs: Anti-war open-source software developer targets Russians and Belarussians with “protestware”Elden Ring exploit traps players in...
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon
Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine...
