Iran-linked MuddyWater APT group campaign targets Turkish entities
The Iran-linked MuddyWater APT group is targeting private Turkish organizations and governmental institutions. Researchers from Cisco Talos have uncovered a...
News
Android malware BRATA can wipe devices
Cleafy, a cybersecurity firm specializing in online fraud, has published new details about banking Trojan BRATA (Brazilian Remote Access Tool,...
Apply those updates now: CVE bypass offers up admin privileges for Windows 10
If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as...
RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites
A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons...
Samba fixed CVE-2021-44142 remote code execution flaw
Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has...
CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in...
Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious...
How a few PhD students revealed that phishing trainings might just not work: Lock and Code S03E03
You’ve likely fallen for it before—a simulated test sent by your own company to determine whether or not its employees...
Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform
Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract...
DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme
The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar...
Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone
Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone...
Actor’s verified Twitter profile hijacked to spam NFT giveaways
When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The...
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: QNAP update stops Deadbolt ransomware, annoys some users, starts debateBig Mother is watching: What parents...
Americans lost $770 million from social media fraud in 2021, FTC reports
A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media...
Hybrid cloud campaign OiVaVoii targets company executives
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered...
Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue
A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges...
Security Affairs newsletter Round 351
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Novel device registration trick enhances multi-stage phishing attacks
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft...
QNAP force-installs update against the recent wave of DeadBolt ransomware infections
QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt...
US FCC bans China Unicom Americas telecom over national security risks
The Federal Communications Commission (FCC) revoked the license for the China Unicom Americas over serious national security concerns. The Federal...
NCSC warns UK entities of potential destructive cyberattacks from Russia
The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks...
This Week in Security News – January 28th, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened...
3 Remote Work Security Tips for CISOs
How can CISOs manage remote work security? Explore 3 tips to secure networks, endpoints, and users. If you like the...
What is Cloud Native?
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements...
