Kronos crippled by ransomware, service may be out for weeks
Human resources platform provider UKG has put out a statement saying it’s fallen prey to ransomware that has disrupted the...
News
Google fixed the 17th zero-day in Chrome since the start of the year
Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address...
TinyNuke banking malware targets French organizations
The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and...
CVE-2021-44228 vulnerability in Apache Log4j library
CVE-2021-44228 summary Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library...
US-CERT Bulletin (SB21-347):Vulnerability Summary for the Week of December 6, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation
Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s...
Spear phish, whale phish, regular phish: What’s the difference?
There are many types of phishing attack nowadays, to the extent it can be tricky to keep up with them...
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues....
A week in security (Dec 6 – 12)
Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekendClick “OK” to defeat MFAFake...
Log4Shell was in the wild at least nine days before public disclosure
Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few...
Two Linux botnets already exploit Log4Shell flaw in Log4j
Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux...
Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw
Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging...
Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection
A United States court has sentenced to four years in prison for the Russian citizen Oleg Koshkin for his role...
A phishing campaign targets clients of German banks using QR codes
Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue...
Security Affairs newsletter Round 344
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks
Vulnerabilities in the Western Digital SanDisk SecureAccess can be exploited to access user data through brute force and dictionary attacks....
New ‘Karakurt’ cybercrime gang focuses on data theft and extortion
Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. Accenture researchers detailed the...
Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE
Cybereason researchers released a “vaccine” that mitigates the critical ‘Log4Shell’ Apache Log4j code execution vulnerability. Chinese security researcher p0rz9 publicly...
Volvo Cars suffers a data breach. Is it a ransomware attack?
Swedish automotive manufacturer Volvo Cars revealed that has suffered a cyberattack that resulted in the theft of R&D data. Swedish...
Australian ACSC warns of Conti ransomware attacks against local orgs
The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks again multiple Australian organizations. The Australian Cyber Security Centre...
Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend
If you’re running a service that relies on Apache Struts or uses the popular Apache Log4j utility we hope you...
Click “OK” to defeat MFA
Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware,...
A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants
Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose...
1.6 million WordPress sites targeted in the last couple of days
Wordfence experts detected a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites. Wordfence...
