UNC3524 APT uses IP cameras to deploy backdoors and target Exchange
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers...
News
Package Analysis dynamic analyzes packages in open-source repositories
The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to...
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions. If you like...
Car rental company Sixt hit by a cyberattack that caused temporary disruptions
The car rental company Sixt announced it was hit by a cyberattack that is causing temporary business disruptions at customer...
Watch out for these 3 small business cybersecurity mistakes
May 2 marks the start of National Small Business Week, a week that recognizes “the critical contributions of America’s entrepreneurs...
The mystery behind the samples of the new REvil ransomware operation
The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware...
Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy
The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBsApple’s child safety features are coming to a Messages app near...
IoT and Cybersecurity: What’s the Future?
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They...
Russia-linked APT29 targets diplomatic and government organizations
Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers...
Synology and QNAP warn of critical Netatalk flaws in some of their products
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers...
Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol
Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole...
Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Security Affairs newsletter Round 363 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers
Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in...
Emotet tests new attack chain in low volume campaigns
Emotet operators are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros...
Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites
A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites. The Romanian national cyber security...
Update now! Critical patches for Chrome and Edge
Google has released an update for its Chrome browser that includes 30 security fixes. The latest version of the stable...
Russia continues digital onslaught against Ukrainian systems
According to Microsoft, at least six Kremlin-backed hacking groups have been attacking Ukraine in the digital space in an onslaught...
The top 5 most routinely exploited vulnerabilities of 2021
A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States (CISA, NSA, and FBI), Australia (ACSC), Canada (CCCS),...
Beware Twitter Messages claiming “Your blue badge Twitter account has been reviewed as spam”
Twitter verification is a two-edged sword. According to Twitter, it’s supposed to let people know “that an account of public...
Beware scammers disguised as fraud busters
Fraudsters like confusing and disorienting people. Successful ones avoid obvious lines of approach and try things you wouldn’t expect. A...
Warning! Instagram Stories hides a scam in plain sight
When someone finds their social media account compromised, they first think about letting their followers know. And they do. They...
Google Play’s Data safety section empowers Android users to make informed app choices
Google has launched its new “nutrition labels” for apps, a feature it promised in the spring of 2021. This release...
