US-CERT Bulletin (SB22-038):Vulnerability Summary for the Week of January 31, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
News
News Corp falls victim to cyberattack
Media giant News Corp says it has fallen victim to a cyberattack. First analysis indicates that the attack was a...
Avast released a free decryptor for TargetCompany ransomware
Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech...
Microsoft disables the ms-appinstaller protocol because it was abused to spread malware
Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced to have temporarily...
US Telecom providers requested $5.6B to replace Chinese equipment
The Federal Communications Commission (FCC) says that small telecom providers have requested $5.6 billion to replace Chinese gear. The U.S....
How to avoid being scammed this Valentine’s Day
With Valentine’s Day approaching, you can be sure that the scammers will want to take advantage of lovebirds everywhere. From...
Hackers breached a server of National Games of China days before the event
An unnamed Chinese-language-speaking hacking group compromised systems at National Games of China in 2021. Researchers at cybersecurity firm Avast discovered...
Securitas breached, 3TB of airport employee records exposed
An unsecured AWS server, found open to the public Internet, is the root cause of a huge compromise of data...
A week in security (January 31 – February 6)
Last week on Malwarebytes Labs: Threat actor steals email with Zimbra zero-dayFBI warns of bogus job postings on recruitment sitesInvestment...
Russian Gamaredon APT is targeting Ukraine since October
Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Russia-linked cyberespionage group Gamaredon...
Israeli surveillance firm QuaDream emerges from the dark
One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream....
Argo CD flaw could allow stealing sensitive data from Kubernetes Apps
A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps....
Security Affairs newsletter Round 352
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
LockBit ransomware gang claims to have stolen data from PayBito crypto exchange
LockBit ransomware gang claims to have stolen customers’ data from the PayBito crypto exchange. PayBito is a bitcoin and cryptocurrency exchange for major...
FBI issued a flash alert on Lockbit ransomware operation
The FBI released a flash alert containing technical details associated with the LockBit ransomware operation. The Federal Bureau of Investigation...
CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw
US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security...
Cryptojacking Attacks Target Alibaba ECS Instances
Discover how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. If you like...
This Week in Security News – February 4, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened...
Over 500,000 people were impacted by a ransomware attack that hit Morley
Business services firm Morley was hit by a ransomware attack that may have exposed data of +500,000 individuals. Business services...
Ransomware attack hit Swissport International causing delays in flights
Aviation services company Swissport International was hit by a ransomware attack that impacted its operations. Swissport International Ltd. is an...
Threat actor steals email with Zimbra zero-day
Researchers have discovered a threat actor attempting to exploit a cross-site scripting (XSS) zero-day vulnerability in the Zimbra email platform....
A nation-state actor hacked media and publishing giant News Corp
American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat...
Retail giant Target open sources Merry Maker e-skimmer detection tool
Retail giant Target is going to open-source an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Retail giant Target...
FBI warns of bogus job postings on recruitment sites
Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to...
