US CISA appointed Kiersten Todt as new chief of staff
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S....
News
Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day
Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch...
Mēris Bot infects MikroTik routers compromised in 2018
Latvian vendor MikroTik revealed that recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian...
Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw
A high severity vulnerability, tracked as CVE-2021-3437, in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS...
Parts of the Dark Web “awash” with school children’s personal data
NBC News has collected and analyzed a trove of children’s personal information it discovered on the Dark Web. Even though...
Update now! Google Chrome fixes two in-the-wild zero-days
Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that...
Apple releases emergency update: Patch, but don’t panic
Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for...
New Android Banking Malware Targeting Mexican Users to Steal Financial Credentials
McAfee Mobile Malware Research Team has discovered an android banking malware targeting Mexican users by posing as a security banking...
This Aspiring Hacker was Caught in a Quite Embarrassing Manner
The US Department of Justice (DoJ) has arrested a Ukrainian citizen for using a botnet to hack people's passwords. He...
Kumsong 121 North Korean Hacker Group Conducts Cyber Attacks via Social Media
Kumsong 121 the North Korean Hacker gang has unleashed a cyberattack employing social media in North Korea. The North Korean...
Hackers switched to combined cyber attacks on the Russian financial sector
Experts began to note the particular interest of cybercriminals in the Russian banking sector as early as mid-summer 2021. In...
1GB of Puma Data is Now Accessible on Marketo
Hackers have stolen data from Puma, a German sportswear firm, and are now attempting to extort money from the corporation...
Google addresses a new Chrome zero-day flaw actively exploited in the wild
Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released...
Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks
Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the...
Popular NPM package Pac-Resolver affected by a critical flaw
Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package ‘Pac-Resolver‘ that has millions of downloads every week....
Apple fixes actively exploited FORCEDENTRY zero-day flaws
Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in...
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups
Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to...
The many tentacles of Magecart Group 8
This blog post was authored by Jérôme Segura During the past couple of years online shopping has continued to increase...
Backups are not a simple ransomware defense, with Matt Crape: Lock and Code S02E17
A recent spate of ransomware attacks in the US and abroad have derailed major corporations, spurring a fuel shortage on...
A week in security (Sept 6 – Sept 12)
Last week on Malwarebytes Labs Apple delays plans to search devices for child abuse imagery.ProtonMail hands user’s IP address and...
GitHub Identifies Multiple Security Vulnerabilities in Node.js Packages
Cybersecurity researchers at GitHub have uncovered arbitrary code execution vulnerabilities in the open-source Node.js packages, "tar" and "@npmcli/arborist,". The tar package...
TESLA FSD Beta Software Leaked Days Before the Release of Version 10
Full Self Driving (FSD) beta software of the TESLA car has been leaked, and it is circulated in and around...
Microsoft Alerted Azure Customers of Bug That Could Have Allowed Hackers to Access Data
Microsoft alerted some Azure cloud computing users that a vulnerability uncovered by security experts might have given hackers access to...
Scammers in Russia Offer Free Bitcoin on a Hacked Government Website
The website of the Russian government was recently hacked. The fraudsters started a phoney Bitcoin (BTC) scheme, which they then...
