Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were...
News
Long lost @ symbol gets new life obscuring malicious URLs
Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in...
AirTag stalking: What is it, and how can I avoid it?
More voices are being raised against the use of everyday technology repurposed to attack and stalk people. Most recently, it’s...
Over 200 Apps on Play Store were distributing Facestealer info-stealer
Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers...
“Look what I found here” phish targets Facebook users
Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages...
CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog....
A custom PowerShell RAT uses to target German users using Ukraine crisis as bait
Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis....
HTML attachments in phishing e-mails
The use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with...
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials...
Apple fixes the sixth zero-day since the beginning of 2022
Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple...
Experts show how to run malware on chips of a turned-off iPhone
Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone...
Why MRG-Effitas matters to SMBs
When selecting the right cybersecurity vendor to protect their operations, small- and medium-sized businesses (SMBs) can lean on several third-party...
How COVID-19 fuelled a surge in malware
2021 saw a massive surge in detections of malware, adware, and Potentially Unwanted Programs (PUPs). It didn’t matter what the...
Fake reCAPTCHA forms dupe users via compromised WordPress sites
Researchers at Sucuri investigated a number of WordPress websites complaining about unwanted redirects and found websites that use fake CAPTCHA...
Ukrainian national sentenced to 4 years in prison for selling access to hacked servers
A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scamVirtual credit cards coming to Chrome:...
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
This blog post was authored by Hossein Jazi and Jérôme Segura Populations around the world—and in Europe in particular—are following...
Eternity Project: You can pay $260 for a stealer and $490 for a ransomware
Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers...
How to spot the signs of a virtual kidnap scam
Threats and bluster play a key role in most online attacks: Ransomware has its ransom note; trolls threaten to ramp...
May 08 – May 14 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to Russia invasion of Ukraine from the cyber security perspective. Below...
Security Affairs newsletter Round 365 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT
Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign conducted by Armageddon APT using GammaLoad.PS1_v2 malware. Ukraine Computer Emergency...
Sysrv-K, a new variant of the Sysrv botnet includes new exploits
Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security...
The LEGION collective calls to action to attack the final of the Eurovision song contest
The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song...
