Another French hospital hit by a ransomware attack
A ransomware attack hit the Oloron-Sainte-Marie hospital in southwest France, it is the third such attack in the last month....
News
Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions
Microsoft released ProxyLogon security updates for Microsoft Exchange servers running vulnerable unsupported Cumulative Update versions. On March 2nd, Microsoft has...
REvil ransomware’s calling, and it’s not good news
The REvil ransomware (AKA Sodinokibi, which operates as a Ransomware as a Service) is adopting some outreach techniques after initial...
TinyCheck: Stalkerware detection that doesn’t leave a trace
In 2019, when Malwarebytes helped found the Coalition Against Stalkerware, which brings together cybersecurity vendors and nonprofits to detect and...
Microsoft Exchange attacks cause panic as criminals go shell collecting
Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange...
U.S. Department of Justice Warns of Fake Unemployment Benefits Websites Stealing Data
Recently a department of United States Justice has warned its civilians against threat actors who are imitating state workforce...
Sunshuttle, the Latest Strain Allegedly Linked to SolarWinds Hackers
FireEye researchers have discovered a new strain of backdoor malware on the servers of an organization exploited by the SolarWinds...
Representative of the Russian Foreign Ministry announced the need for universal regulation of the Internet
According to the official representative of the Russian Foreign Ministry, Maria Zakharova, the actions of social networks that block political...
Guardian: Truecaller Fixes Location Vulnerabilty In Its New App
Caller ID and spam blocking company Truecaller recently launched its "Guardian" application that allows users to share their live locations...
Google reCAPTCHA used by Phishing Attackers
Thousands of phishing emails threaten Microsoft users to obtain their Office 365 credentials during an active attack. The attackers add...
Patch Tuesday – March 2021
Another Patch Tuesday (2021-Mar) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops...
What’s New in DivvyCloud by Rapid7: February 2021 Feature Releases
February was another busy month. Internally, as we work to improve our processes, we are still committed to maintaining our...
Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari
Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affect iOS, macOS, watchOS, and Safari...
SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks Supernova malware spotted on compromised SolarWinds Orion installs...
UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign
Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are...
SolarWinds spurs investment in threat hunting, supplier vetting
Organizations that boosted security budgets in response to the SolarWinds hack invested the most in threat hunting. (“SolarWinds letters” by sfoskett is licensed...
A week in security (March 1 – 7)
Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech....
International Women’s Day: Women in tech name their heroes
Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s...
Supermicro and Pulse Secure Issue Advisories Regarding ‘TricBoot’ Assaults
Supermicro, a U.S.-based information technology firm and VPN provider Pulse Secure have released their advisories regarding the vulnerabilities of their...
Hacked SendGrid Accounts used In Phishing Attacks To Steal Logins
A new cyber campaign has come to known as a phishing attack. Outlook Web Access and Office 365 services...
Snort Vulnerability Leads Various Cisco Products Exposed to Vulnerabilities
Earlier this week, the company told its customers that several Cisco products have been exposed to DoS (Denial of Service)...
Researcher Laxman Muthiyah Awarded with $50,000 for Detecting a Flaw in Microsoft Account
A bug bounty hunter was awarded $50,000 by Microsoft for revealing a security vulnerability leading to account deprivation. The expert...
BEC Scammer Infects own Device, Exposes their Activity
In some media depictions, criminal and state-backed hackers are constantly portrayed as cunning and sophisticated, gliding inexorably toward their most...
How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
