Apple patches ‘worst macOS bug in recent memory’ after it was used in the wild
A newly discovered bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs...
Security
Password manager hijacked to deliver malware in supply chain attack
In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate...
Zoom deepfaker fools politicians…twice
We recently said deepfakes “remain the weapon of choice for malign interference campaigns, troll farms, revenge porn, and occasionally humorous...
Breaking free from the VirusTotal silo: Lock and Code S02E07
This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in...
11-13 year old girls most likely to be targeted by online predators
The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”,...
Threat Actors are Using YouTube to Lure Users into their Trap
Fortinet security researcher ‘accidentally discovered a unique way of tricking YouTube users. Due to Covid-19, as well as the recent...
A Ransomware Group Made $260,000 in 5 Days
A ransomware group made $260,000 by remotely encrypting files on QNAP computers using the 7zip archive software in an interval...
BigBasket: Data Breach Leaks 20 Million User Data
A threat actor dropped about 20 million Big Basket user reports containing personally identifiable details and hashed passwords on a...
Cook – A Customizable Wordlist And Password Generator
Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function. You can use this tool...
Profil3r – OSINT Tool That Allows You To Find A Person’S Accounts And Emails + Breached Emails
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well...
Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet
European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows...
Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws
Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts...
A supply chain attack compromised the update mechanism of Passwordstate Password Manager
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another...
bigbasket – 24,500,011 breached accounts
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The...
MangaDex – 2,987,329 breached accounts
In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3...
A week in security (April 19 – 25)
Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities...
Flubot can Spy on Phones and can Gather Online Banking Details
Experts cautioned that a text message scam infecting Android phones is expanding across the UK. The message, which appears to...
Here’s a Quick Look at the Role of ‘Covalent BlockChain Data API’ in Terms of Data Gathering
In this article, we’re going to deep dive into the role of Covalent, the unified blockchain API. So, the first...
Hackers Demand $50 Million Ransom From Apple
A Russian hacking group claims to have obtained schematics for some yet-to-be-released Apple products. The hackers have demanded a $50...
Concerns Raised as Postal Service of America Monitors Social Media Accounts of the Natives
A program that monitors and collects the Social Media posts of the American public even on issues related to planned...
ClickStudios told Clients to Change Passwords After a Cyberattack
Following a cyberattack on the corporate password manager Passwordstate, Click Studios, an Australian software house, has advised consumers to reset...
Tscopy – Tool to parse the NTFS $MFT file to locate and copy specific files
Introducing TScopyIt is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the...
Posta – Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and...
Hackers are targeting Soliton FileZen file-sharing servers
Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government...
