Y2k22 bug in Microsoft Exchange causes failure in email delivery
Y2k22 bug is causing Microsoft Exchange on-premise servers to fail in delivering email starting on January 1st, 2022. Microsoft Exchange...
News
Security Affairs most-read cyber stories of 2021
Which are the most-read cyber stories of 2021? This post includes Top Posts for the last 365 days. Why Edward...
PulseTV discloses potential credit card breach
U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online...
The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware
The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine...
Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched
Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have...
How to implant a malware in hidden area of SSDs with Flex Capacity feature
Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not...
Flaws in DataVault encryption software impact multiple storage devices
Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain...
New iLOBleed Rootkit, the first time ever that malware targets iLO firmware
A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the...
What is IP sniffing?
IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in...
AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency
The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity. The AvosLocker...
China-linked APT group Aquatic Panda leverages Log4Shell in recent attack
China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic...
Top 5 DevOps Resource Center Articles of 2021
We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your...
T-Mobile suffered a new data breach
T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap...
The three most significant cyberattacks of 2021?
People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It’ll probably be cloudy tomorrow. The...
Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)
The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The...
A cyber attack against Norwegian Media firm Amedia blocked newspaper publishing
A cyber attack hit Norwegian media company Amedia on Tuesday and forced it to shut down multiple systems. Amedia, one...
China-linked BlackTech APT uses new Flagpro malware in recent attacks
China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked...
LastPass investigated recent reports of blocked login attempts
Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says...
Threat actors are abusing MSBuild to implant Cobalt Strike Beacons
Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Security...
Shutterfly hit by a Conti ransomware attack
Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly, is American photography, photography...
DoubleFeature, post-exploitation dashboard used by Equation Group APT
Researchers analyzed the DoubleFeature logging tool of DanderSpritz Framework that was used by the Equation Group APT group. Check Point...
A week in security (Dec 20 – 26)
Last week on Malwarebytes Labs: When a deepfake “empire” continues to growEverything you always wanted to know about NFTs (but...
Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data, including Fortune 500 Clients
The Website Planet security team discovered a data breach suffered by the multinational logistics giant D.W. Morgan. The Website Planet security team discovered an Amazon...
US-CERT Bulletin (SB21-361):Vulnerability Summary for the Week of December 20, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
