Necro botnet now targets Visual Tools DVRs
The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR.
Read more
News
News
Adobe addresses four critical flaws in its products
Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates
Read more
Ransom Disclosure Act would mandate ransomware payment reporting
In an effort to better understand and clamp down on the ransomware economy and its related use of cryptocurrencies, US
Read more
Olympus US was forced to take down computer systems due to cyberattack
Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a
Read more
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the
Read more
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber
Read more
GitKraken flaw lead to the generation of weak SSH keys
Git GUI client GitKraken team fixed a flaw that lead to the generation of weak SSH keys, users are recommended
Read more
The joy of phishing your employees
Many companies set up phishing test programs for their employees, often as part of a compliance requirement involving ongoing employee
Read more
Inside Apple: How macOS attacks are evolving
The start of fall 2021 saw the fourth Objective by the Sea (OBTS) security conference, which is the only security
Read more
Microsoft mitigated a record 2.4 Tbps DDoS attack in August
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August,
Read more
US-CERT Bulletin (SB21-284):Vulnerability Summary for the Week of October 4, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
Read more
Apple released emergency update to fix zero-day actively exploited
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the
Read more
Security Service of Ukraine arrested a man operating a huge DDoS botnet
Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch
Read more
Iran-linked DEV-0343 APT target US and Israeli defense technology firms
DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat
Read more
Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing
LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed
Read more
Donot Team targets a Togo prominent activist with Indian-made spyware
A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called
Read more
Google warns some users that FancyBear’s been prowling around
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of
Read more
A week in security (Oct 4 – Oct 10)
Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware
Read more
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA
Read more
Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker
Read more
Security Affairs newsletter Round 335
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free
Read more
Previously undetected FontOnLake Linux malware used in targeted attacks
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers
Read more
Google addresses four high-severity flaws in Chrome
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released
Read more
Security expert published NMAP script for Apache CVE-2021-41773 vulnerability
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security
Read more