Tech support fraud is still very much alive, says latest FBI report
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. In 2021, IC3 continued to receive a record...
News
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio
While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous...
A week in security (March 21 – 27)
Last week on Malwarebytes Labs: Anti-war open-source software developer targets Russians and Belarussians with “protestware”Elden Ring exploit traps players in...
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon
Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine...
Shopping trap: The online stores’ scam that hits users worldwide
Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all...
Sophos Firewall affected by a critical authentication bypass flaw
Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an...
Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Western Digital addressed a critical bug in My Cloud OS 5
Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution...
CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S....
FCC adds Kaspersky to Covered List due to unacceptable risks to national security
The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security....
Anonymous leaked 28GB of data stolen from the Central Bank of Russia
Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank...
This Week in Security News – March 25, 2022
An investigation of cryptocurrency scams and schemes, and Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal If you like the...
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s...
Chrome emergency update fixes actively exploited a zero-day bug
Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google fixed...
Chinese threat actor Scarab targets Ukraine, CERT-UA warns
Ukraine CERT (CERT-UA) released details about a campaign that SentinelLabs linked with the suspected Chinese threat actor tracked as Scarab....
UK police arrested 7 alleged members of Lapsus$ extortion gang
UK police suspect that a 16-year-old from Oxford is one of the leaders of the popular Lapsus$ extortion group. The...
US indicted 4 Russian government employees for attacks on critical infrastructure
The U.S. has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. The U.S....
Phishing-kit market: what’s inside “off-the-shelf” phishing packages
What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake...
Anti-war open-source software developer targets Russians and Belarussians with “protestware”
Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately...
Experts explained how to hack a building controller widely adopted in Russia
A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia....
An Investigation of Cryptocurrency Scams and Schemes
We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets...
Cyber Threat Intelligence: Risk Management Strategies
The ever-expanding attack surface of the cloud calls for effective cyber risk management to enable enterprises to innovate and meet...
Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin e Decathlon
Anonymous launches its offensive against Wester companies still operating in Russia, it ‘DDoSed’ Auchan, Leroy Merlin e Decathlon websites. Since...
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
VMware addressed two critical arbitrary code execution vulnerabilities affecting its Carbon Black App Control platform. VMware released this week, software...
