ShadowPad Malware is Being Sold Privately to Chinese Espionage
Since 2017, five separate Chinese threat groups have used ShadowPad, an infamous Windows backdoor that allows attackers to download additional...
SLSA (pronounced "salsa") is a security framework from source to service, giving anyone working with software a common language for increasing...
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS). It is built on top of PKISolution's PSPKI toolkit (Microsoft...
Threat actors claim to have a database containing private information on roughly 70 million AT&T customers, but the company denies...
Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on...
The South Korean multinational Samsung revealed that it can disable its Samsung TV sets remotely using the TV Block feature. Samsung...
The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to change an application’s behavior...
Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group’s Pegasus spyware on devices belonging...
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique...
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included...
In life, when you encounter something momentous—a sudden job loss, a routine check-up that revealed an illness you can’t afford...
A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just...
Cryptocurrency platforms have become an easy target for professional hackers. Only in the past month, there were several cases. Recall that...
US military personnel have lost over $822 million in different kinds of internet crimes and scams between 2017 and...
A zero-day vulnerability in Razer external device installation software – be it a Razer mouse, a keyboard, or any other...
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated...
Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It...
Go scripts for finding an API key / some keywords in repository. Update V1.0.1: Removing some checkers. Adding example file contains...
The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least...
Researchers warn that threat actors have been actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Researchers from SAM Seamless...
US CISA issued an urgent alert to warn admins to address ProxyShell vulnerabilities on on-premises Microsoft Exchange servers. The US Cybersecurity...
Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft...
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems...
This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing...