Microsoft Patch Tuesday fixes critical Office RCE
Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on...
News
Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers
Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to...
How to share your Wi-Fi password safely
You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair....
Night Sky: the new corporate ransomware demanding a sky high ransom
There’s a new ransomware in town—isn’t there always?—and it’s, unsurprisingly, after corporation-sized businesses. It’s called Night Sky, and it was...
Attackers are mailing USB sticks to drop ransomware on victims’ computers
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks...
AvosLocker ransomware now targets Linux systems, including ESXi servers
AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its...
WordPress 5.8.3 Security Release fixes four vulnerabilities
WordPress maintainers have released WordPress 5.8.3 that addresses four vulnerabilities and recommend admins to update their sites immediately The WordPress...
Uncovering and Defending Systems Against Attacks With Layers of Remote Control
The Trend Micro™ Managed XDR team addressed a stealthy multilayered attack that progressed from an exploited endpoint vulnerability to the...
US-CERT Bulletin (SB22-010):Vulnerability Summary for the Week of January 3, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Several EA Sports FIFA 22 players have been hacked
Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal...
Abcbot and Xanthe botnets have the same origin, experts discovered
Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December...
Indian-linked Patchwork APT infected its own system revealing its ops
The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. An...
A week in security (January 3 – 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for daysPatchwork APT caught in its own...
New ZLoader malware campaign hit more than 2000 victims across 111 countries
A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft...
Cyber Defense Magazine – January 2022 has arrived. Enjoy it!
Cyber Defense Magazine January 2022 Edition has arrived. We hope you enjoy this month’s edition…packed with 155 pages of excellent...
US NCSC and DoS share best practices against surveillance tools
The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US...
Swiss army asks its personnel to use the Threema instant-messaging app
The Swiss army has banned all instant messaging apps, including Signal, Telegram, and WhatsApp, recommending the use of the Threema...
Russian submarines threatening undersea cables, UK defence chief warns
Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin UK defence chief Sir Tony...
Security Affairs newsletter Round 348
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Unauthenticated RCE in H2 Database Console is similar to Log4Shell
Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability....
FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?
Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from...
Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug
SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor...
FIN7 group continues to target US companies with BadUSB devices
The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry...
