Summary

Total Articles Found: 36

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • Update now! Critical patches for Chrome and Edge
  • Maine governor signs ISP privacy bill
  • TikTok is being discouraged and the app may be banned
  • Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware
  • Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!
  • Rocket Loader skimmer impersonates CloudFlare library in clever scheme
  • MEGA claims it can’t decrypt your files. But someone’s managed to…
  • LastPass was undone by an attack on a remote employee
  • Roblox breached: Internal documents posted online by unknown attackers
  • Phone screenshots accidentally leaked online by stalkerware-type company

"BingBang" flaw enabled altering of Bing search results, account takeover

Published: 2023-03-30 04:00:00

Popularity: 6

Author: None

Keywords:

  • News
  • bing
  • microsoft
  • azure
  • takeover
  • search
  • results
  • access
  • Categories: News Tags: bing Tags: microsoft Tags: azure Tags: takeover Tags: search Tags: results Tags: access We take a look at the BingBang flaw which allowed for search engine manipulation in Bing. (Read more...) The post "BingBang" flaw enabled altering of Bing search results, account takeover appeared first on Malwarebytes Labs.

    ...more

    GoDaddy says it's a victim of multi-year cyberattack campaign

    Published: 2023-02-20 07:00:00

    Popularity: 36

    Author: None

    Keywords:

  • News
  • GoDaddy
  • GoDaddy breach
  • Categories: News Tags: GoDaddy Tags: GoDaddy breach Hosting and domain name company GoDaddy says it believes a sophisticated threat actor group has been subjecting the company to a multi-year attack campaign. (Read more...) The post GoDaddy says it's a victim of multi-year cyberattack campaign appeared first on Malwarebytes Labs.

    ...more

    LastPass was undone by an attack on a remote employee

    Published: 2023-03-01 01:45:00

    Popularity: 70

    Author: None

    Keywords:

  • News
  • LastPass
  • remote
  • work
  • worker
  • VPN
  • media player
  • compromise
  • breach
  • AWS
  • cloud
  • storage
  • Categories: News Tags: LastPass Tags: remote Tags: work Tags: worker Tags: VPN Tags: media player Tags: compromise Tags: breach Tags: AWS Tags: cloud Tags: storage The attackers responsible for the LastPass breach compromised a remote worker's computer. (Read more...) The post LastPass was undone by an attack on a remote employee appeared first on Malwarebytes Labs.

    ...more

    WordPress sites backdoored with ad fraud plugin

    Published: 2023-02-16 06:00:00

    Popularity: 12

    Author: None

    Keywords:

  • Threat Intelligence
  • ad fraud
  • popunder
  • ads
  • fraud
  • wordpress
  • plugins
  • Categories: Threat Intelligence Tags: ad fraud Tags: popunder Tags: ads Tags: fraud Tags: wordpress Tags: plugins Popunders are the ideal vehicle to serve ad fraud. In this case, we investigate a scheme where a webpage you can't see is loading a bunch of ads while code mimics user activity by scrolling and visiting links. (Read more...) The post WordPress sites backdoored with ad fraud plugin appeared first on Malwarebytes Labs.

    ...more

    GitHub revokes several certificates after unauthorized access

    Published: 2023-02-01 11:00:00

    Popularity: 5

    Author: None

    Keywords:

  • News
  • GitHub
  • Atom
  • Desktop for Mac
  • Apple Developer ID
  • certificates
  • Digicert
  • sunset
  • Categories: News Tags: GitHub Tags: Atom Tags: Desktop for Mac Tags: Apple Developer ID Tags: certificates Tags: Digicert Tags: sunset After an unauthorized access incident, GitHub will revoke three certificates which will affect users of Atom and GitHub Desktop for Mac. (Read more...) The post GitHub revokes several certificates after unauthorized access appeared first on Malwarebytes Labs.

    ...more

    4 over-hyped security vulnerabilities of 2022

    Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

    ...more

    Fake Proof-of-Concepts used to lure security professionals

    Published: 2022-10-27 16:45:00

    Popularity: 11

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • PoC
  • PoCs
  • Leiden
  • GitHub
  • VirusTotal
  • AbuseIPDB
  • 🤖: "Bait and switch"

    Categories: Exploits and vulnerabilities Categories: News Tags: PoC Tags: PoCs Tags: Leiden Tags: GitHub Tags: VirusTotal Tags: AbuseIPDB Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious (Read more...) The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

    ...more

    A Chrome fix for an in-the-wild exploit is out—Check your version

    Published: 2022-10-28 21:45:00

    Popularity: 36

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • Categories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine (Read more...) The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.

    ...more

    Critical WhatsApp vulnerabilities patched: Check you've updated!

    Published: 2022-09-26 10:00:00

    Popularity: 22

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • WhatsApp
  • CVE-2022-36934
  • CVE-2022-27492
  • 🤖: ""Warning: Update Now!""

    Categories: Exploits and vulnerabilities Categories: News Tags: WhatsApp Tags: CVE-2022-36934 Tags: CVE-2022-27492 Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device. (Read more...) The post Critical WhatsApp vulnerabilities patched: Check you've updated! appeared first on Malwarebytes Labs.

    ...more

    Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities

    Published: 2022-09-22 12:00:00

    Popularity: 32

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • CVE-2022-40959
  • CVE-2022-40960
  • CVE-2022-40962
  • CVE-2022-3033
  • Mozilla
  • Firefox
  • Thunderbird
  • Categories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-40959 Tags: CVE-2022-40960 Tags: CVE-2022-40962 Tags: CVE-2022-3033 Tags: Mozilla Tags: Firefox Tags: Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system. (Read more...) The post Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities appeared first on Malwarebytes Labs.

    ...more

    Zero-day puts a dent in Chrome's mojo

    Published: 2022-09-05 16:30:00

    Popularity: 29

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • Categories: Exploits and vulnerabilities Categories: News The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day. (Read more...) The post Zero-day puts a dent in Chrome's mojo appeared first on Malwarebytes Labs.

    ...more

    Bad rhythm: Janet Jackson song resonates poorly with some old hard drives

    Published: 2022-08-18 14:00:00

    Popularity: 7

    Author: None

    Keywords:

  • Business
  • Janet Jackson
  • music
  • rhythm nation
  • song
  • video
  • resonant frequency
  • hard drive
  • 🤖: "Disk crash"

    Categories: Business Tags: Janet Jackson Tags: music Tags: rhythm nation Tags: song Tags: video Tags: resonant frequency Tags: hard drive We take a look at news of the Janet Jackson smash Rhythm Nation causing bizarre issues for certain older hard drive models. (Read more...) The post Bad rhythm: Janet Jackson song resonates poorly with some old hard drives appeared first on Malwarebytes Labs.

    ...more

    TikTok vulnerability could have allowed hijackers to take over accounts

    Published: 2022-09-01 12:00:00

    Popularity: 18

    Author: None

    Keywords:

  • News
  • Exploit
  • vulnerability
  • Tik-Tok
  • Microsoft
  • JavaScript
  • 🤖: "TikTok hijacked"

    Categories: News Tags: Exploit Tags: vulnerability Tags: Tik-Tok Tags: Microsoft Tags: JavaScript We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed. (Read more...) The post TikTok vulnerability could have allowed hijackers to take over accounts appeared first on Malwarebytes Labs.

    ...more

    Update now! GitLab issues critical security release for RCE vulnerability

    Published: 2022-08-25 10:00:00

    Popularity: 4

    Author: None

    Keywords:

  • Exploits and vulnerabilities
  • News
  • GitLab
  • RCE
  • CVE-2022-2884
  • GitHub
  • import
  • 🤖: "Git it done"

    Categories: Exploits and vulnerabilities Categories: News Tags: GitLab Tags: RCE Tags: CVE-2022-2884 Tags: GitHub Tags: import GitLab has released important security fixes to patch for an RCE vulnerability, known as CVE-2022-2884. (Read more...) The post Update now! GitLab issues critical security release for RCE vulnerability appeared first on Malwarebytes Labs.

    ...more

    Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

    Published: 2022-07-19 12:07:10

    Popularity: 92

    Author: Christopher Boyd

    Keywords:

  • Malwarebytes news
  • compromise
  • CVE
  • exploit
  • hijack
  • JavaScript
  • modern wpbakery
  • plugin
  • wordpress
  • 🤖: "Plugin fail"

    We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now! The post Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! appeared first on Malwarebytes Labs.

    ...more

    Roblox breached: Internal documents posted online by unknown attackers

    Published: 2022-07-19 11:12:11

    Popularity: 53

    Author: Christopher Boyd

    Keywords:

  • Cybercrime
  • compromise
  • data
  • employee
  • hack
  • roblox
  • 🤖: ""Hacked and Exposed""

    We take a look at reports that internal Roblox employee documents have been leaked by an as-yet unknown attacker. The post Roblox breached: Internal documents posted online by unknown attackers appeared first on Malwarebytes Labs.

    ...more

    HackerOne insider fired for trying to claim other people’s bounties

    Published: 2022-07-04 21:08:37

    Popularity: 29

    Author: Pieter Arntz

    Keywords:

  • Reports
  • bug bounty
  • disclosure
  • HackerOne
  • insider threat
  • rzlr
  • 🤖: ""Double agent fail""

    Bug bounty platform HackerOne has disclosed that it was the victim of a rogue insider. The post HackerOne insider fired for trying to claim other people’s bounties appeared first on Malwarebytes Labs.

    ...more

    MEGA claims it can’t decrypt your files. But someone’s managed to…

    Published: 2022-06-22 15:52:41

    Popularity: 73

    Author: Pieter Arntz

    Keywords:

  • Reports
  • ciphertext
  • curve25519
  • ed25519
  • encryption
  • MEGA
  • 🤖: "Megadelete"

    Swiss researchers debunked MEGA's claims that anyone that would be able to take over MEGA's infrastructure would still not have access to your information and files. The post MEGA claims it can’t decrypt your files. But someone’s managed to… appeared first on Malwarebytes Labs.

    ...more

    Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

    Published: 2022-05-24 09:55:59

    Popularity: 147

    Author: Pieter Arntz

    Keywords:

  • Privacy
  • Citizen Lab
  • CVE-2021-1048
  • cve-2021-37973
  • cve-2021-37976
  • cve-2021-38000
  • cve-2021-38002
  • Cytrox
  • edps
  • Pegasus
  • predator
  • TAG
  • verint
  • 🤖: ""Surveillance mode engaged""

    A spyware vendor called Cytrox was found to be using several zero-day vulnerabilities in Google's Chrome browser and the Android kernel component. The post Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware appeared first on Malwarebytes Labs.

    ...more

    Update now! Critical patches for Chrome and Edge

    Published: 2022-04-30 13:44:04

    Popularity: 615

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • cjhromium
  • edge chrome
  • use after free
  • Google has released an update for the Chrome browser that includes 30 security fixes. Edge and other Chromium-based browsers also need updating. The post Update now! Critical patches for Chrome and Edge appeared first on Malwarebytes Labs.

    ...more

    What are computer cookies?

    Published: 2021-09-16 16:08:54

    Popularity: 35

    Author: Malwarebytes Labs

    Keywords:

  • Malwarebytes news
  • computer cookies
  • cookies
  • persistent cookies
  • session cookies
  • super cookies
  • third-party cookies
  • What are cookies, are they good or bad, how do they work, and why are some browsers banning third-party cookies? Categories: Malwarebytes news Tags: computer cookiescookiespersistent cookiessession cookiessuper cookiesthird-party cookies (Read more...) The post What are computer cookies? appeared first on Malwarebytes Labs.

    ...more

    Phone screenshots accidentally leaked online by stalkerware-type company

    Published: 2021-09-28 12:47:55

    Popularity: 53

    Author: Malwarebytes Labs

    Keywords:

  • Stalkerware
  • Bryan Fleming
  • Jo Coscia
  • Lukas Stefanko
  • pcTattleTale
  • stalkerware
  • unsecure bucket
  • Stalkerware-type company pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. Categories: Stalkerware Tags: Bryan FlemingJo CosciaLukas StefankopcTattleTalestalkerwareunsecure bucket (Read more...) The post Phone screenshots accidentally leaked online by stalkerware-type company appeared first on Malwarebytes Labs.

    ...more

    Microsoft, CISA and NSA offer security tools and advice, but will you take it?

    Microsoft, CISA, and the NSA are individually offering tools and advice that aim to improve security for organizations. But will the targeted audience have the time and resources to accept that help? Categories: Opinion Tags: cisaEMemergency mitigation serviceEOLexchangeinsider risk mitigation self-assessment toolinsider threatmicrosoftNSAnsssupply chain attackvpn (Read more...) The post Microsoft, CISA and NSA offer security tools and advice, but will you take it? appeared first on Malwarebytes Labs.

    ...more

    SonicWall warns users to patch critical vulnerability “as soon as possible”

    Published: 2021-09-24 11:09:10

    Popularity: 2

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • cve-2021-20034
  • sma-100
  • snwlid-2021-0021
  • sonicwall
  • SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access. Categories: Exploits and vulnerabilities Tags: cve-2021-20034sma-100snwlid-2021-0021sonicwall (Read more...) The post SonicWall warns users to patch critical vulnerability “as soon as possible” appeared first on Malwarebytes Labs.

    ...more

    BrakTooth Bluetooth vulnerabilities, crash all the devices!

    Published: 2021-09-02 16:24:34

    Popularity: 10

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • BLE
  • bluetooth
  • braktooth
  • cve-2021-28139
  • espressif
  • link manager
  • lmp
  • SOC
  • sweynttoth
  • Researchers have disclosed a set of 16 Bluetooth vulnerabilities that potentially affect billions of devices. Categories: Exploits and vulnerabilities Tags: BLEbluetoothbraktoothcve-2021-28139espressiflink managerlmpSOCsweynttoth (Read more...) The post BrakTooth Bluetooth vulnerabilities, crash all the devices! appeared first on Malwarebytes Labs.

    ...more

    PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday

    Published: 2021-08-11 12:16:17

    Popularity: 3

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • August 2021 Patch Tuesday has fewer bugs that we've gotten used to, but it includes some potential biggies. Categories: Exploits and vulnerabilities (Read more...) The post PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday appeared first on Malwarebytes Labs.

    ...more

    Apple’s search for child abuse imagery raises serious privacy questions

    Published: 2021-08-06 21:10:54

    Popularity: 7

    Author: Thomas Reed

    Keywords:

  • Malwarebytes news
  • Apple
  • CSAM
  • icloud
  • iOS
  • iPadOS
  • iPhone
  • iMessage content, and photos sent to iCloud are going to be monitored for child sexual abuse material. Is it a great move, or a dangerous slide away from privacy? Categories: Malwarebytes news Tags: AppleCSAMicloudiOSiPadOSiPhone (Read more...) The post Apple’s search for child abuse imagery raises serious privacy questions appeared first on Malwarebytes Labs.

    ...more

    Beware password-spraying fancy bears

    Published: 2021-07-02 15:17:09

    Popularity: 11

    Author: Pieter Arntz

    Keywords:

  • Reports
  • A collection of three- and four- letter agencies have issued a report about a sustained GRU operation against "enterprise and cloud environments". Categories: Reports (Read more...) The post Beware password-spraying fancy bears appeared first on Malwarebytes Labs.

    ...more

    WhatsApp reverses course, will not limit app functionality

    Published: 2021-06-01 19:25:55

    Popularity: 28

    Author: David Ruiz

    Keywords:

  • Privacy
  • end-to-end encryption
  • facebook
  • whatsapp
  • whatsapp privacy policy
  • WhatsApp said it will no longer limit app functionality for users who refuse to share some data with Facebook. Categories: Privacy Tags: end-to-end encryptionfacebookwhatsappwhatsapp privacy policy (Read more...) The post WhatsApp reverses course, will not limit app functionality appeared first on Malwarebytes Labs.

    ...more

    Falsifying and weaponizing certified PDFs

    Published: 2021-05-27 16:55:30

    Popularity: 9

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • bochum
  • certified pdf
  • digital signatures
  • eaa
  • JavaScript
  • PDF
  • SSA
  • Certified PDFs are supposed to control modifications so that recipients know they haven't been tampered with. It doesn't always work. Categories: Exploits and vulnerabilities Tags: bochumcertified pdfdigital signatureseaaJavaScriptPDFSSA (Read more...) The post Falsifying and weaponizing certified PDFs appeared first on Malwarebytes Labs.

    ...more

    Hat trick for Google as it patches two more zero-days in Chrome

    Published: 2020-11-12 21:16:34

    Popularity: 33

    Author: Pieter Arntz

    Keywords:

  • Exploits and vulnerabilities
  • chrome
  • cve-2020-16013
  • cve-2020-16017
  • Google
  • patches
  • site-isolation
  • Google has patched two more zero-day vulnerabilities that were actively being exploited in the wild. Update now! Categories: Exploits and vulnerabilities Tags: chromecve-2020-16013cve-2020-16017Googlepatchessite-isolation (Read more...) The post Hat trick for Google as it patches two more zero-days in Chrome appeared first on Malwarebytes Labs.

    ...more

    TikTok is being discouraged and the app may be banned

    Published: 2020-07-28 16:55:59

    Popularity: 214

    Author: Pieter Arntz

    Keywords:

  • Privacy
  • amazon
  • Australia
  • ban
  • bytedance
  • china
  • india
  • privacy
  • reddit
  • social media
  • tiktok
  • usa
  • Companies and organizations are dicouraging their employees to use TikTok, especially on work related devices. Will TikTok face a ban? Categories: Privacy Tags: amazonAustraliabanbytedancechinaindiaprivacyredditsocial mediatiktokusa (Read more...) The post TikTok is being discouraged and the app may be banned appeared first on Malwarebytes Labs.

    ...more

    Rocket Loader skimmer impersonates CloudFlare library in clever scheme

    Published: 2020-03-10 15:46:13

    Popularity: 89

    Author: Jérôme Segura

    Keywords:

  • Threat analysis
  • HTTPS
  • JavaScript
  • Magecart
  • skimmer
  • skimming
  • URLs can be deceiving, but the one used to mimic CloudFlare's Rocket Loader in the latest Magecart attack takes it to a whole new level. Categories: Threat analysis Tags: HTTPSJavaScriptMagecartskimmerskimming (Read more...) The post Rocket Loader skimmer impersonates CloudFlare library in clever scheme appeared first on Malwarebytes Labs.

    ...more

    Maine governor signs ISP privacy bill

    Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. Categories: Privacy Tags: ACLU of MaineBangor Daily Newsdata privacy lawdata privacy legislationGovernor Janet MillsGSIinternet service providerISPJanet MillsLD 946MaineMaine State Chamber of Commerceonline privacyonline privacy lawonline privacy legislationSenator Shenna BellowsShenna Bellows (Read more...) The post Maine governor signs ISP privacy bill appeared first on Malwarebytes Labs.

    ...more

    Fortnite gamers targeted by data theft malware

    Published: 2019-03-07 22:08:28

    Popularity: None

    Author: None

    If you've ever been tempted to cheat at Fortnite, think again—with the release of season six of the popular video game, we found a data theft malware masquerading as a cheat tool, ready to steal your browser sessions, cookies, and even your Bitcoin.

    ...more

    New critical vulnerability discovered in open-source office suites

    Published: 2019-03-07 21:58:11

    Popularity: None

    Author: None

    A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild?

    ...more

    end