CISA recommends immediately patch Exchange ProxyShell flaws
US CISA issued an urgent alert to warn admins to address ProxyShell vulnerabilities on-premises Microsoft Exchange servers. The US Cybersecurity...
News
Patch now! Microsoft Exchange is being attacked via ProxyShell
Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks.How to troubleshoot hardware problems...
New variant of Konni malware used in campaign targetting Russia
This blog post was authored by Hossein Jazi In late July 2021, we identified an ongoing spear phishing campaign pushing...
Hacker Behind $600 Million Crypto Heist Returned Stolen Funds
The hacker behind the biggest cryptocurrency heist of all time has finally handed access to the final tranche of stolen...
38 Million Records Exposed Due to Microsoft Misconfiguration
According to experts, some 38 million records from over a thousand web apps that use Microsoft's Power Apps portals platform...
Private Details of 70M AT&T Users Offered For Sale on Underground Hacking Forum
A notorious hacking group, known as Shiny Hunters, is reportedly selling a database containing private details of 70 million AT&T...
Google Docs Scam Still Pose a Risk
A phishing attack known as the "Google Docs worm" proliferated over the internet in May 2017. It impersonated Google Docs...
Internet Browser Vulnerabilities Exploited by North Korean Hackers to Implant Malware
A threat actor from North Korea has indeed been found exploiting two flaws in the Internet Explorer to attack individuals...
Gaming-related cyberthreats in 2020 and 2021
The video game industry is soaring, not in the least thanks to the lockdowns, which forced people to look for...
US-CERT Bulletin (SB21-235):Vulnerability Summary for the Week of August 16, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Are you using a Sophos UTM appliance? Be sure it is up to date!
A researcher disclosed technical details of a critical remote code execution vulnerability, tracked as CVE-2020-25223, patched last year. In September,...
LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs
A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer...
Memorial Health System forced to cancel surgeries after ransomware attack
Health organization Memorial Health System was hit by a disruptive cyber attack that forced it to cancel surgeries and divert...
Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP
Google disclosed the details of a Windows AppContainer vulnerability because Microsoft initially had no plans to fix it. Google Project...
The US State Department was Recently Hit by a Cyber Attack
According to a Fox News correspondent, the US State Department was hit by a cyberattack, and the Department of Defense...
The average price of access to a hacked company in the darknet reached $5,400
Specialists of the Israeli company Kela analyzed more than 1 thousand ads for the sale of initial access to the...
Ransomware on a Charge: Another Wake-Up Call for U.S. Shipping Industry
As the threat of ransomware attacks increases, the U.S. shipping industry is facing a particularly high resistance in safeguarding its...
Flubot Malware Targets Australians, Spreads Via SMS
Muddled phone SMSs and phantom calls attack smartphones in a new wave of hoaxes throughout Australia, including the one that...
Pegasus iPhone Hacks Used as Bait in Extortion Scam
A new extortion fraud attempts to profit from the recent Pegasus iOS spyware attacks to threaten victims to pay a...
Security Affairs newsletter Round 328
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
T-Mobile data breach could be worse than initially thought, 54 million customers impacted
T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals...
U.S. State Department was recently hit by a cyber attack
The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command might have suffered...
New LockFile ransomware gang uses ProxyShell and PetitPotam exploits
A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang...
