Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT)...
LockBit ransomware's operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in...
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a...
Back in October 2021, Microsoft announced in an email sent to customers that it planned to disable Excel 4.0 macros...
Avid readers of the Malwarebytes Labs blog are quite aware of QR code shenanigans—both within and outside of the United...
There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP servers (player vs player)...
Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the...
Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a...
Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats; Red Cross begs attackers to “Do the right...
The FBI warns that cybercriminals are using malicious QR codes to steal victims’ credentials and financial info. The Federal Bureau of...
Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5...
OpenSubtitles has suffered a data breach; the maintainers confirmed that the incident impacted 7 million subscribers. OpenSubtitles is a popular...
US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog’ is...
Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox, as attack infrastructure. Zscaler ThreatLabz...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Not all data privacy rights are the same. There’s the flimsy, the firm, the enforceable, and the antiquated, and, unfortunately,...
The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National...
Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks. Researchers from Octagon Networks disclosed...
The U.S. Treasury Department announced sanctions against four current and former Ukrainian government officials for collaborating with Russia. The U.S....
McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee...
Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have...
Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researchers...
Researchers have spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the...