Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious...
News
How a few PhD students revealed that phishing trainings might just not work: Lock and Code S03E03
You’ve likely fallen for it before—a simulated test sent by your own company to determine whether or not its employees...
Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform
Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract...
DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme
The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar...
Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone
Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone...
Actor’s verified Twitter profile hijacked to spam NFT giveaways
When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The...
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: QNAP update stops Deadbolt ransomware, annoys some users, starts debateBig Mother is watching: What parents...
Americans lost $770 million from social media fraud in 2021, FTC reports
A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media...
Hybrid cloud campaign OiVaVoii targets company executives
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered...
Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue
A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges...
Security Affairs newsletter Round 351
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Novel device registration trick enhances multi-stage phishing attacks
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft...
QNAP force-installs update against the recent wave of DeadBolt ransomware infections
QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt...
US FCC bans China Unicom Americas telecom over national security risks
The Federal Communications Commission (FCC) revoked the license for the China Unicom Americas over serious national security concerns. The Federal...
NCSC warns UK entities of potential destructive cyberattacks from Russia
The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks...
This Week in Security News – January 28th, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened...
3 Remote Work Security Tips for CISOs
How can CISOs manage remote work security? Explore 3 tips to secure networks, endpoints, and users. If you like the...
What is Cloud Native?
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements...
QNAP update stops Deadbolt ransomware, annoys some users, starts debate
Earlier this week (25 January, 2022) news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices....
Finnish diplomats’ devices infected with Pegasus spyware
Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware. Finland’s...
Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits
Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit...
Delta Electronics, a tech giants’ contractor, hit by Conti ransomware
Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti...
Experts devise a technique to bypass Microsoft Outlook Security feature
A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the...
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy (protections good,...
