A week in security (April 12 – 18)
Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with...
News
Lazarus APT conceals malicious code within BMP image to drop its RAT
This blog was authored by Hossein Jazi Lazarus APT is one of the most sophisticated North Korean Threat Actors that...
Threat Actors Target Covid-19 Vaccine Cold Chain Via Spear-Phishing Campaign
Cybercriminals are continuing to target the COVID-19 vaccine cold chain, the means of delivering and storing vaccines at safe temperatures,...
Nagios XI Servers: Seems to be Turning Into Cryptocurrency Miners for Attackers
Nagios XI is a popular enterprise server and network monitoring solutions. The feature “Configuration Wizard: Windows Management Instrumentation (WMI)” is...
Customers Deceived by Google for Collection of User Location Data
The Federal Court of Australia observed that somewhere between January 2017 and December 2018, Google LLC and Google Australia Pty...
Hackers have Access to Domino’s India 13TB of Internal Data
Popular pizza outlet Domino's India appears to have succumbed to a cyber assault. As per Alon Gal co-founder of an...
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global...
Here’s a Quick Look at How Pakistani Counterfeiters Helped Russian Operatives
One company stood out in a cascade of U.S. sanctions imposed on Thursday on Russian cybersecurity companies and officials allegedly...
BazarLoader Malware: Abuses Slack and BaseCamp Clouds
The primary feature of the BazarLoader downloader, which is written in C++, is to download and execute additional modules. BazarLoader...
The Code Testing Company CodeCov Suffers a Data Breach Which Went Undetected for Months
U.S. federal authorities are investigating a safety violation at Codecov, which works on selling a tool that allows developers to...
CERT-In Issues “High” Severity Rating Advisory for WhatsApp Threats
The Indian Computer Emergency Response Team (CERT-In) has cautioned WhatsApp clients in India of various vulnerabilities it identified in the...
A member of the FIN7 group was sentenced to 10 years in prison
Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially...
Security Affairs newsletter Round 310
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Is BazarLoader malware linked to Trickbot operators?
Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers...
Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model
Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before...
Database containing e-mail addresses of Navalny’s supporters leaked onto the Internet
Navalny's team is now investigating and identifying the source of the leak. The team assured them that they did not...
The United States imposes sanctions against 25 Russian companies for cyber attacks and Crimea
On 15 April, the US Treasury Department put 25 Russian companies, six of which are IT companies, on its sanctions...
Online Learning of University of Hertfordshire Disrupted Due to a Major Cyber-Attack
By now it's a well-known fact that most of the students are relying on online learning and video-conferencing apps due...
IBM: Flags More Cyber Attacks on COVID-19 Vaccine Infrastructure
On Wednesday, IBM reported that its cyber-security unit has discovered more digital attacks targeting the global COVID-19 vaccine supply chain...
Crypto Lending Service, Celsius Suffers Third Party Data Breach
Cryptocurrency rewards portal, Celsius has witnessed a data breach, with the personal details of its clients disclosed by a third-party...
6 out of 11 EU agencies running Solarwinds Orion software were hacked
SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for...
Critical RCE can allow attackers to compromise Juniper Networks devices
Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable...
Shady scam bots trick Omegle users into nonconsensual video sex recordings
14-year old Michael (not his real name) from Scandinavia first visited Omegle, the video online chat that has become hugely...
Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have...
