NetGalley – 1,436,435 breached accounts
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses...
threatintel
A week in security (February 15 – February 21)
Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats...
Fraudsters are Exploiting Google Apps to Steal Credit Card Details
Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps...
US Agencies Publish Advisory on North Korean Cryptocurrency Malware, AppleJeus
The Federal Bureau of Investigation (FBI) jointly with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the...
Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods
remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java...
Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently,...
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating...
NSA Equation Group tool was used by Chinese hackers years before it was leaked online
The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it...
An attacker was able to siphon audio feeds from multiple Clubhouse rooms
An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple...
Researchers uncovered a new Malware Builder dubbed APOMacroSploit
Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80...
Experts warn of threat actors abusing Google Alerts to deliver unwanted programs
Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs....
Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com
A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on...
Darknet Markets are Scrambling to Attract Joker’s Stash Clients
The administrator behind Joker's Stash professes to have formally closed down the operation on 15th February. Meanwhile, criminal gangs offering...
Russian state systems are in danger because of Internet Explorer
This year, many government agencies will have to spend several hundred million rubles on updating their information systems due to...
Cyber Attack: Computer Systems of Lakehead University Remains Offline
Lakehead University (LU) based in Ontario; Canada is currently dealing with the cyber-attack that hit the institution on Tuesday; Consequently,...
Sequoia Capital Told Investors it was Hacked
Sequoia Capital told its investors on Friday that some personal and financial data may have been accessed by a third...
Bug in Brave Browser Expose Users’ Dark Web History
Brave, the web browser that insists on privacy, exposes users' activities to its Internet Service Providers on Tor's secret servers,...
Perfusion – Exploit For The RpcEptMapper Registry Key Permissions Vulnerability (Windows 7 / 2088R2 / 8 / 2012)
On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache...
PE-Packer – A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of...
FBI warns of the consequences of telephony denial-of-service (TDoS) attacks
The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers....
Security Affairs newsletter Round 302
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
The US Government is going to respond to the SolarWinds hack very soon
The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told...
Sequoia Capital Venture Capital firm discloses a data breach
Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to...
Omegle investigation raises new concerns for kids’ safety
Social media site Omegle is under fire after an investigation found boys using the platform to expose themselves on camera,...
