UK NCSC shares guidance for organizations to secure their communications with customers
UK NCSC has published new guidance for organizations to secure their communications with customers via SMS or phone calls. UK’s...
News
CISA warns of potential critical threats following attacks against Ukraine
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit...
Browsers on iOS, iPadOS and Mac leak your browsing activity and personal identifiers
Researchers at FingerprintJS, a Chicago-based firm that specializes in online fraud prevention, have published a software bug introduced in Safari...
Mac users, update now! “Powerdir” flaw could allow attackers to spy on you
If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research...
Campaign launched to delay social media end-to-end encryption
The many issues surrounding end-to-end encryption (E2EE) are ever-present. They usually spring up when something that could potentially affect the...
Box flaw allowed to bypass MFA and takeover accounts
A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability...
Cybercriminals’ friend VPNLab.net shut down by law enforcement
Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no...
Is White Rabbit ransomware linked to FIN8 financially motivated group?
A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8...
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer. If you...
AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler
Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat. Moncler confirmed a data...
Financially motivated Earth Lusca threat actors targets organizations worldwide
A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide as for financial purposes. Trend Micro...
Why we don’t patch, with Jess Dodson: Lock and Code S03E02
In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150...
Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs
Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An...
Nintendo warns of imitation websites and suspicious hardware
Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a...
Infamous dark net carding site UniCC to close
UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop...
Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues
Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has...
A small number of Crypto.com users reported suspicious activity on their wallet
Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets. Several Crypto.com users...
Oracle Critical Patch Update for January 2022 will fix 483 new flaws
The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This...
Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques
Our technical brief provides an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure...
US-CERT Bulletin (SB22-017):Vulnerability Summary for the Week of January 10, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions
Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management...
REvil ransomware gang busted by Russian Federal Security Service
Eight members of the REvil ransomware group have been arrested in Russia and will be pressed with criminal charges. Russia’s...
High-Severity flaw in 3 WordPress plugins impacts 84,000 websites
Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company...
A week in security (January 10 – 16)
Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock downSome Android users can disable 2G now...
