Interview with a bug bounty hunter: Youssef Sammouda
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is...
News
Fake Microsoft Store, Spotify Distribute Malware to Steal User Data
Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals...
Positive Technologies rejected accusations of the U.S. Department of the Treasury of Russia’s cooperation with intelligence services
Russian cyber security company Positive Technologies rejected the accusations of interference in the American elections, made by the U.S. Treasury...
Two Outdated Software Bug Patched, Says WhatsApp
WhatsApp on Monday stated that it has addressed two bugs that existed on its outdated software program and that it...
Zero Trust & Basic Cyber Hygiene: Best Defense Against Third-Party Attacks
Since the beginning of the year, there has been a slew of third-party cybersecurity attacks, with the repercussions affecting a...
OTP Generating Firm at a Risk, as Hacker Claims to have Sold its Sensitive Data
A hacker seems to sell confidential information that is claimed to have been robbed from an OTP firm. And this...
North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South...
Watch out, hackers can take over your Cosori Smart Air Fryer
Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart...
WeChat users targeted by hackers using recently disclosed Chromium exploit
Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn....
Crooks stole driver’s license numbers from Geico auto insurer
Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico,...
Experts demonstrated how to hack a utility and take over a smart meter
Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of...
Crooks made more than $560K with a simple clipboard hijacker
Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K....
A week in security (April 12 – 18)
Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with...
Lazarus APT conceals malicious code within BMP image to drop its RAT
This blog was authored by Hossein Jazi Lazarus APT is one of the most sophisticated North Korean Threat Actors that...
Threat Actors Target Covid-19 Vaccine Cold Chain Via Spear-Phishing Campaign
Cybercriminals are continuing to target the COVID-19 vaccine cold chain, the means of delivering and storing vaccines at safe temperatures,...
Nagios XI Servers: Seems to be Turning Into Cryptocurrency Miners for Attackers
Nagios XI is a popular enterprise server and network monitoring solutions. The feature “Configuration Wizard: Windows Management Instrumentation (WMI)” is...
Customers Deceived by Google for Collection of User Location Data
The Federal Court of Australia observed that somewhere between January 2017 and December 2018, Google LLC and Google Australia Pty...
Hackers have Access to Domino’s India 13TB of Internal Data
Popular pizza outlet Domino's India appears to have succumbed to a cyber assault. As per Alon Gal co-founder of an...
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global...
Here’s a Quick Look at How Pakistani Counterfeiters Helped Russian Operatives
One company stood out in a cascade of U.S. sanctions imposed on Thursday on Russian cybersecurity companies and officials allegedly...
BazarLoader Malware: Abuses Slack and BaseCamp Clouds
The primary feature of the BazarLoader downloader, which is written in C++, is to download and execute additional modules. BazarLoader...
The Code Testing Company CodeCov Suffers a Data Breach Which Went Undetected for Months
U.S. federal authorities are investigating a safety violation at Codecov, which works on selling a tool that allows developers to...
CERT-In Issues “High” Severity Rating Advisory for WhatsApp Threats
The Indian Computer Emergency Response Team (CERT-In) has cautioned WhatsApp clients in India of various vulnerabilities it identified in the...
A member of the FIN7 group was sentenced to 10 years in prison
Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially...
