Mobile malware evolution 2021
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures...
News
Xenomorph Android banking trojan distributed via Google Play Store
Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric...
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic....
US-CERT Bulletin (SB22-052):Vulnerability Summary for the Week of February 14, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
How SMS PVA services could undermine SMS-based verification
Crooks abuse some SMS PVA services that allow their customers to create disposable user accounts to conduct malicious activities. While...
CISA offers guidance on dealing with information manipulation
Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension....
Facebook sued for siphoning facial recognition data without consent
Ken Paxton, the Attorney General of Texas, recently filed a lawsuit against Facebook’s parent company, Meta, for harvesting the facial...
A week in security (February 14 – February 20)
Last week on Malwarebytes Labs: Adobe patches actively exploited Magento/Adobe Commerce zero-dayRansomware gang hits 49ers’ network before Super Bowl kick...
A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files
Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered...
Threat Report Portugal: Q4 2021
The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4,...
BEC scammers impersonate CEOs on virtual meeting platforms
The FBI warned US organizations and individuals are being increasingly targeted in BECattacks on virtual meeting platforms The Federal Bureau...
Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users
Threat actors have stolen and flipped high-valued NFTs from the users of the world’s largest NFT exchange, OpenSea. The world’s...
Security Affairs newsletter Round 354
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Trickbot operation is now controlled by Conti ransomware
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. TrickBot operation has...
Watch out for this bump in LinkedIn phishing
LinkedIn is sometimes forgotten about in more general coverage of phishing attacks. Social media sites such as Facebook, Twitter, and...
US senators introduce the Kids Online Safety Act (KOSA)
US Senators Richard Blumenthal of Connecticut and Marsha Blackburn of Tennessee have introduced the Kids Online Safety Act (KOSA), legislation...
CISA compiled a list of free cybersecurity tools and services
The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience....
White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU
The White House has linked the recent DDoS attacks against Ukraine ‘s banks and defense agencies to Russia’s GRU. The...
UpdraftPlus WordPress plugin update forced for million sites
WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has...
This Week in Security News – February 18, 2022
SMS PVA services' use of infected Android phones reveals flaws in SMS verification, and 'Russian state-sponsored cyber actors' cited in...
Google Privacy Sandbox promises to protect user privacy online
Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy...
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability
Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne...
CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager
Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment...
Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working...
