Telehealth: A New Frontier in Medicine—and Security
Telehealth today doesn’t just involve chatting with a doctor via a video-conferencing application. It’s become an entire collection of rapidly...
News
Massive social engineering waves have impacted banks in several countries
A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive...
US-CERT Bulletin (SB22-031):Vulnerability Summary for the Week of January 24, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
British Council exposed 144,000 files containing student details
Personal information belonging to British Council students was exposed online via an unsecured repository. The British Council is a British...
A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH
German petrol distributor Oiltanking GmbH was a victim of a cyberattack that has a severe impact on its operations. A...
Samba patches critical vulnerability that allows remote code execution as root
Samba developers have patched a vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations...
Duo of Android dropper and payload target certain countries and app users
After making its first in-the-wild appearance in March 2021, Vultur—an information-stealing RAT that runs on Android—is back. And its dropper...
Iran-linked MuddyWater APT group campaign targets Turkish entities
The Iran-linked MuddyWater APT group is targeting private Turkish organizations and governmental institutions. Researchers from Cisco Talos have uncovered a...
Android malware BRATA can wipe devices
Cleafy, a cybersecurity firm specializing in online fraud, has published new details about banking Trojan BRATA (Brazilian Remote Access Tool,...
Apply those updates now: CVE bypass offers up admin privileges for Windows 10
If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as...
RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites
A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons...
Samba fixed CVE-2021-44142 remote code execution flaw
Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has...
CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in...
Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious...
How a few PhD students revealed that phishing trainings might just not work: Lock and Code S03E03
You’ve likely fallen for it before—a simulated test sent by your own company to determine whether or not its employees...
Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform
Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract...
DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme
The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar...
Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone
Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone...
Actor’s verified Twitter profile hijacked to spam NFT giveaways
When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The...
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: QNAP update stops Deadbolt ransomware, annoys some users, starts debateBig Mother is watching: What parents...
Americans lost $770 million from social media fraud in 2021, FTC reports
A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media...
Hybrid cloud campaign OiVaVoii targets company executives
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered...
Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue
A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges...
Security Affairs newsletter Round 351
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
