Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability
Following an announcement by Blackberry the U.S. Food & Drug Administration (FDA) and the Cybersecurity & Infrastructure Security Agency (CISA)...
Security
How to spot a DocuSign phish and what to do about it
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off....
macOS 11’s hidden security improvements
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents IntroductionDisclaimersmacOS...
65 Manufacturers Affected by Critical Security Flaws in Realtek Chipsets
Cybersecurity experts have unearthed critical security flaws in Realtek chips that affect more than 65 hardware vendors and several wireless...
TrickBot Employs Bogus 1Password Installer to Launch Cobalt Strike
The Institute AV-TEST records around 450,000 new critical programmings (malware) every day with several potentially unwanted applications (PUA). These are...
T-Mobile Acknowledged Breach of 100 Million Customers
T-Mobile announced a data breach on Monday after a hacking organization claimed to have gotten records of 100 million T-Mobile...
Jsleak – A Go Code To Detect Leaks In JS Files Via Regex Patterns
jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you...
AuraBorealisApp – Do You Know What’s In Your Python Packages? A Tool For Visualizing Python Package Registry Security Audit Data
AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit...
Analysts “strongly believe” the Russian state colludes with ransomware gangs
“We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to...
Nearly 2 Million Records From Terrorist Watchlist Exposed Online
A terrorist watchlist comprising 1.9 million data remained open and unsecured on the internet for three weeks between July 19th...
Hacker gained access into a major CIS drug marketplace
Part of the database of the forum and its owners is available free of charge, the hackers offered to purchase...
Chaos Malware: The Amalgam of Ransomware and Wiper
A new strain of malware called Chaos, which is still under active development has been discovered by the security experts....
The number of cases of hacking smartphone games has increased in the world
In the first half of 2021, the Russian mobile games market was among the world's top five leaders in terms...
Retail Industry Suffered the most By Ransomware Attacks
The "Sophos state of Ransomware in Retail 2021" report issued by the software and hardware giant Sophos recently, examines the...
SGXRay – Automating Vulnerability Detection for SGX Apps
Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. To use such hardware-based...
ReverseSSH – Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such
A statically-linked ssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges,...
Fortinet FortiWeb OS Command Injection allows takeover servers remotely
Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF...
1.9 million+ records from the FBI’s terrorist watchlist available online
A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between...
Colonial Pipeline discloses data breach after May ransomware attack
Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took...
T-Mobile confirms data breach that exposed customer personal info
T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered...
Recent attacks on Iran were orchestrated by the Indra group
The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In...
Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15
Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is...
How to troubleshoot hardware problems that look like malware problems
Sometimes it’s hard to figure out what exactly is going wrong with your computer. What do you do if you’ve...
A week in security (August 9 – August 15)
Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 beforeRansomware turncoat leaks Conti...
