Google launches Open Source Vulnerabilities (OSV) database
Google announced the launch of OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. Google...
News
Android devices caught in Matryosh botnet
Researchers at Netlab have discovered a new botnet that re-uses the Mirai framework to pull vulnerable Android devices into DDoS...
How NOT to fail at PDF redaction
The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of...
A week in security (February 1 – February 7)
Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware...
Domestic Kitten – An Iranian Surveillance Operation
Check Point researchers as of late revealed the full degree of Domestic Kitten's broad surveillance operation against Iranian residents that...
Experts Confirm Shady Ransomware Business, Block-chain Transactions on Rise
Chainalysis, a blockchain investment firm, recently published a report that confirms that ransomware operating cybercrime groups don't always work in...
Nespresso Prepaid Vending Machines Hacked by a Belgian Researcher for Free Coffee
Polle Vanhoof, a Belgian cybersecurity researcher discovered there a flaw in the older Nespresso prepaid coffee machine smart cards and...
Plex Media Servers Actively Abused To Amplify DDoS Attacks
Research workers with NetScout's Atlas Security Engineering and Response Team have warned against the threat actors campaign, they said that...
Hackers Used Internet Explorer Zero-Day Vulnerability To Target Security Researchers
In recent times, during the attacks against the security and vulnerability researchers in North Korea, an Internet Explorer zero-day vulnerability...
Domestic Kitten has been conducting surveillance targeting over 1,000 individuals
Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Domestic Kitten,...
Novel phishing technique uses Morse code to compose malicious URLs
Cybercriminals devised a new phishing technique that leverages the Morse code to hide malicious URLs and bypass defense. Experts spotted...
Victims of Ziggy ransomware can recover their files for free
The Ziggy ransomware gang has shut down its operations and released the decryption keys fearing the ongoing investigation of law enforcement....
COMB breach: 3.2B email and password pairs leaked online
The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular...
Hacking Nespresso machines to have unlimited funds to purchase coffee
Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some...
Operation LadyBird: International Law Enforcement Agencies Crackdown Emotet
European and US law agencies earlier this week directed a brilliant crackdown on Emotet. Emotet is a botnet of corrupted...
Webdev Tutorials Site ‘SitePoint’ has Disclosed a Data Breach
The website Sitepoint, which provides access to online study and information on web development content tutorials and books, reported...
SolarWinds CEO: “SolarWinds Orion Development Program was Exploited by the Hackers”
Sudhakar Ramakrishna, CEO of SolarWinds confirmed that ‘suspicious activity’ was spotted in its Office 365 environment which permitted threat actors...
Malicious Operations Hide Under The Google Chrome Sync Feature
Lately, the threat actors have detected a technique where they can use the sync feature of Google Chrome to transmit...
Microsoft Office Phishing Attack Hosted on Google Firebase
A phishing campaign set on stealing Microsoft login credentials is utilizing Google Firebase to bypass email security efforts in Microsoft...
The number of ICS flaws in 2020 was 24,72% higher compared to 2019
The number of vulnerabilities discovered in industrial control system (ICS) products surged in 2020, security firm Claroty reports. According to...
Security Affairs newsletter Round 300
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Web developers SitePoint discloses a data breach
The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M...
Experts found critical flaws in Realtek Wi-Fi Module
Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices’...
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
Spotify, which has become a very popular online streaming music platform, is suffering from a second cyber credential attack...
