CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog. The...
News
What is credential stuffing? And how to prevent it?
This post explains what is a credential stuffing attack and which are the countermeasures to prevent them. A credential stuffing...
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March...
Anonymous is working on a huge data dump that will blow Russia away
The Anonymous collective hacked the Russian construction company Rostproekt and announced that a leak that will Blow Russia Away. Anonymous...
Terraform Tutorial: Drift Detection Strategies
A fundamental challenge of architecture built using tools like Terraform is configuration drift. Check out these actionable strategies and steps...
US-CERT Bulletin (SB22-087):Vulnerability Summary for the Week of March 21, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Hive ransomware ports its encryptor to Rust programming language
The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation...
Telling stories securely, with Runa Sandvik: Lock and Code S03E07
In 2017, a former NSA contractor named Reality Winner was arrested for allegedly leaking an internal report to the online...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
The Muhstik botnet has been observed targeting Redis servers exploiting the recently disclosed CVE-2022-0543 vulnerability. Muhstik is a botnet that is...
Update now! Google releases emergency patch for Chrome zero-day used in the wild
Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a...
Tech support fraud is still very much alive, says latest FBI report
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. In 2021, IC3 continued to receive a record...
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio
While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous...
A week in security (March 21 – 27)
Last week on Malwarebytes Labs: Anti-war open-source software developer targets Russians and Belarussians with “protestware”Elden Ring exploit traps players in...
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon
Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine...
Shopping trap: The online stores’ scam that hits users worldwide
Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all...
Sophos Firewall affected by a critical authentication bypass flaw
Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an...
Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Western Digital addressed a critical bug in My Cloud OS 5
Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution...
CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S....
FCC adds Kaspersky to Covered List due to unacceptable risks to national security
The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security....
Anonymous leaked 28GB of data stolen from the Central Bank of Russia
Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank...
This Week in Security News – March 25, 2022
An investigation of cryptocurrency scams and schemes, and Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal If you like the...
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s...
Chrome emergency update fixes actively exploited a zero-day bug
Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google fixed...
