AvosLocker ransomware now targets Linux systems, including ESXi servers
AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its...
News
WordPress 5.8.3 Security Release fixes four vulnerabilities
WordPress maintainers have released WordPress 5.8.3 that addresses four vulnerabilities and recommend admins to update their sites immediately The WordPress...
Uncovering and Defending Systems Against Attacks With Layers of Remote Control
The Trend Micro™ Managed XDR team addressed a stealthy multilayered attack that progressed from an exploited endpoint vulnerability to the...
US-CERT Bulletin (SB22-010):Vulnerability Summary for the Week of January 3, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Several EA Sports FIFA 22 players have been hacked
Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal...
Abcbot and Xanthe botnets have the same origin, experts discovered
Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December...
Indian-linked Patchwork APT infected its own system revealing its ops
The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. An...
A week in security (January 3 – 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for daysPatchwork APT caught in its own...
New ZLoader malware campaign hit more than 2000 victims across 111 countries
A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft...
Cyber Defense Magazine – January 2022 has arrived. Enjoy it!
Cyber Defense Magazine January 2022 Edition has arrived. We hope you enjoy this month’s edition…packed with 155 pages of excellent...
US NCSC and DoS share best practices against surveillance tools
The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US...
Swiss army asks its personnel to use the Threema instant-messaging app
The Swiss army has banned all instant messaging apps, including Signal, Telegram, and WhatsApp, recommending the use of the Threema...
Russian submarines threatening undersea cables, UK defence chief warns
Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin UK defence chief Sir Tony...
Security Affairs newsletter Round 348
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Unauthenticated RCE in H2 Database Console is similar to Log4Shell
Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability....
FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?
Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from...
Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug
SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor...
FIN7 group continues to target US companies with BadUSB devices
The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry...
This Week in Security News – January 7th, 2022
This week, read about Log4j vulnerabilities in connected cars and charging stations and how iOS malware can fake iPhone shutdowns...
Codex Exposed: Exploring the Capabilities and Risks of OpenAI’s Code Generator
The first of a series of blog posts examines the security risks of Codex, a code generator powered by the...
This Week in Security News – January 7, 2022
This week, read about Log4j vulnerabilities in connected cars and charging stations and how iOS malware can fake iPhone shutdowns...
Organized Cybercrime Cases: What CISOs Need to Know
Jon Clay, VP of Threat Intelligence at Trend Micro, explores the latest Trend Micro Research covering Access as a Service...
Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days
Finalsite, a popular platform for creating school websites, appears to have recovered significant functionality after being attacked by a still-unknown...
How to secure QNAP NAS devices? The vendor’s instructions
QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers...
