Categories: News Tags: bing Tags: microsoft Tags: azure Tags: takeover Tags: search Tags: results Tags: access We take a look at the BingBang flaw which allowed for search engine manipulation in Bing. (Read more...) The post "BingBang" flaw enabled altering of Bing search results, account takeover appeared first on Malwarebytes Labs.

...more

GoDaddy says it's a victim of multi-year cyberattack campaign

Published: 2023-02-20 07:00:00

Popularity: 36

Author: None

Keywords:

News

GoDaddy

GoDaddy breach

Categories: News Tags: GoDaddy Tags: GoDaddy breach Hosting and domain name company GoDaddy says it believes a sophisticated threat actor group has been subjecting the company to a multi-year attack campaign. (Read more...) The post GoDaddy says it's a victim of multi-year cyberattack campaign appeared first on Malwarebytes Labs.

...more

LastPass was undone by an attack on a remote employee

Published: 2023-03-01 01:45:00

Popularity: 70

Author: None

Keywords:

VPN

AWS

Categories: News Tags: LastPass Tags: remote Tags: work Tags: worker Tags: VPN Tags: media player Tags: compromise Tags: breach Tags: AWS Tags: cloud Tags: storage The attackers responsible for the LastPass breach compromised a remote worker's computer. (Read more...) The post LastPass was undone by an attack on a remote employee appeared first on Malwarebytes Labs.

...more

WordPress sites backdoored with ad fraud plugin

Published: 2023-02-16 06:00:00

Popularity: 12

Author: None

Keywords:

ads

Categories: Threat Intelligence Tags: ad fraud Tags: popunder Tags: ads Tags: fraud Tags: wordpress Tags: plugins Popunders are the ideal vehicle to serve ad fraud. In this case, we investigate a scheme where a webpage you can't see is loading a bunch of ads while code mimics user activity by scrolling and visiting links. (Read more...) The post WordPress sites backdoored with ad fraud plugin appeared first on Malwarebytes Labs.

...more

GitHub revokes several certificates after unauthorized access

Published: 2023-02-01 11:00:00

Popularity: 5

Author: None

Keywords:

Categories: News Tags: GitHub Tags: Atom Tags: Desktop for Mac Tags: Apple Developer ID Tags: certificates Tags: Digicert Tags: sunset After an unauthorized access incident, GitHub will revoke three certificates which will affect users of Atom and GitHub Desktop for Mac. (Read more...) The post GitHub revokes several certificates after unauthorized access appeared first on Malwarebytes Labs.

...more

4 over-hyped security vulnerabilities of 2022

Published: 2022-12-19 01:00:00

Popularity: 10

Author: None

Keywords:

Exploits and vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

...more

Fake Proof-of-Concepts used to lure security professionals

Published: 2022-10-27 16:45:00

Popularity: 11

Author: None

Keywords:

Exploits and vulnerabilities

PoC

LLM Says: "Bait and switch"

Categories: Exploits and vulnerabilities Categories: News Tags: PoC Tags: PoCs Tags: Leiden Tags: GitHub Tags: VirusTotal Tags: AbuseIPDB Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious (Read more...) The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

...more

A Chrome fix for an in-the-wild exploit is out—Check your version

Published: 2022-10-28 21:45:00

Popularity: 36

Author: None

Keywords:

Exploits and vulnerabilities

News

Categories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine (Read more...) The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.

...more

Critical WhatsApp vulnerabilities patched: Check you've updated!

Published: 2022-09-26 10:00:00

Popularity: 22

Author: None

Keywords:

Exploits and vulnerabilities

News

CVE-2022-36934

CVE-2022-27492

LLM Says: ""Warning: Update Now!""

Categories: Exploits and vulnerabilities Categories: News Tags: WhatsApp Tags: CVE-2022-36934 Tags: CVE-2022-27492 Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device. (Read more...) The post Critical WhatsApp vulnerabilities patched: Check you've updated! appeared first on Malwarebytes Labs.

...more

Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities

Published: 2022-09-22 12:00:00

Popularity: 32

Author: None

Keywords:

Exploits and vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-40959 Tags: CVE-2022-40960 Tags: CVE-2022-40962 Tags: CVE-2022-3033 Tags: Mozilla Tags: Firefox Tags: Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system. (Read more...) The post Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities appeared first on Malwarebytes Labs.

...more

Zero-day puts a dent in Chrome's mojo

Published: 2022-09-05 16:30:00

Popularity: 29

Author: None

Keywords:

Exploits and vulnerabilities

News

Categories: Exploits and vulnerabilities Categories: News The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day. (Read more...) The post Zero-day puts a dent in Chrome's mojo appeared first on Malwarebytes Labs.

...more

Bad rhythm: Janet Jackson song resonates poorly with some old hard drives

Published: 2022-08-18 14:00:00

Popularity: 7

Author: None

Keywords:

LLM Says: "Disk crash"

Categories: Business Tags: Janet Jackson Tags: music Tags: rhythm nation Tags: song Tags: video Tags: resonant frequency Tags: hard drive We take a look at news of the Janet Jackson smash Rhythm Nation causing bizarre issues for certain older hard drive models. (Read more...) The post Bad rhythm: Janet Jackson song resonates poorly with some old hard drives appeared first on Malwarebytes Labs.

...more

TikTok vulnerability could have allowed hijackers to take over accounts

Published: 2022-09-01 12:00:00

Popularity: 18

Author: None

Keywords:

LLM Says: "TikTok hijacked"

Categories: News Tags: Exploit Tags: vulnerability Tags: Tik-Tok Tags: Microsoft Tags: JavaScript We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed. (Read more...) The post TikTok vulnerability could have allowed hijackers to take over accounts appeared first on Malwarebytes Labs.

...more

Update now! GitLab issues critical security release for RCE vulnerability

Published: 2022-08-25 10:00:00

Popularity: 4

Author: None

Keywords:

Exploits and vulnerabilities

RCE

LLM Says: "Git it done"

Categories: Exploits and vulnerabilities Categories: News Tags: GitLab Tags: RCE Tags: CVE-2022-2884 Tags: GitHub Tags: import GitLab has released important security fixes to patch for an RCE vulnerability, known as CVE-2022-2884. (Read more...) The post Update now! GitLab issues critical security release for RCE vulnerability appeared first on Malwarebytes Labs.

...more

Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

Published: 2022-07-19 12:07:10

Popularity: 92

Author: Christopher Boyd

Keywords:

CVE

LLM Says: "Plugin fail"

We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now! The post Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! appeared first on Malwarebytes Labs.

...more

Roblox breached: Internal documents posted online by unknown attackers

Published: 2022-07-19 11:12:11

Popularity: 53

Author: Christopher Boyd

Keywords:

LLM Says: ""Hacked and Exposed""

We take a look at reports that internal Roblox employee documents have been leaked by an as-yet unknown attacker. The post Roblox breached: Internal documents posted online by unknown attackers appeared first on Malwarebytes Labs.

...more

HackerOne insider fired for trying to claim other people’s bounties

Published: 2022-07-04 21:08:37

Popularity: 29

Author: Pieter Arntz

Keywords:

LLM Says: ""Double agent fail""

Bug bounty platform HackerOne has disclosed that it was the victim of a rogue insider. The post HackerOne insider fired for trying to claim other people’s bounties appeared first on Malwarebytes Labs.

...more

MEGA claims it can’t decrypt your files. But someone’s managed to…

Published: 2022-06-22 15:52:41

Popularity: 73

Author: Pieter Arntz

Keywords:

LLM Says: "Megadelete"

Swiss researchers debunked MEGA's claims that anyone that would be able to take over MEGA's infrastructure would still not have access to your information and files. The post MEGA claims it can’t decrypt your files. But someone’s managed to… appeared first on Malwarebytes Labs.

...more

Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

Published: 2022-05-24 09:55:59

Popularity: 147

Author: Pieter Arntz

Keywords:

TAG

LLM Says: ""Surveillance mode engaged""

A spyware vendor called Cytrox was found to be using several zero-day vulnerabilities in Google's Chrome browser and the Android kernel component. The post Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware appeared first on Malwarebytes Labs.

...more

Update now! Critical patches for Chrome and Edge

Published: 2022-04-30 13:44:04

Popularity: 615

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

cjhromium

edge chrome

use after free

Google has released an update for the Chrome browser that includes 30 security fixes. Edge and other Chromium-based browsers also need updating. The post Update now! Critical patches for Chrome and Edge appeared first on Malwarebytes Labs.

...more

What are computer cookies?

Published: 2021-09-16 16:08:54

Popularity: 35

Author: Malwarebytes Labs

Keywords:

What are cookies, are they good or bad, how do they work, and why are some browsers banning third-party cookies? Categories: Malwarebytes news Tags: computer cookiescookiespersistent cookiessession cookiessuper cookiesthird-party cookies (Read more...) The post What are computer cookies? appeared first on Malwarebytes Labs.

...more

Phone screenshots accidentally leaked online by stalkerware-type company

Published: 2021-09-28 12:47:55

Popularity: 53

Author: Malwarebytes Labs

Keywords:

Stalkerware-type company pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. Categories: Stalkerware Tags: Bryan FlemingJo CosciaLukas StefankopcTattleTalestalkerwareunsecure bucket (Read more...) The post Phone screenshots accidentally leaked online by stalkerware-type company appeared first on Malwarebytes Labs.

...more

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

Published: 2021-09-29 13:23:50

Popularity: None

Author: Pieter Arntz

Keywords:

Opinion

cisa

emergency mitigation service

EOL

exchange

insider risk mitigation self-assessment tool

insider threat

microsoft

NSA

nss

supply chain attack

vpn

Microsoft, CISA, and the NSA are individually offering tools and advice that aim to improve security for organizations. But will the targeted audience have the time and resources to accept that help? Categories: Opinion Tags: cisaEMemergency mitigation serviceEOLexchangeinsider risk mitigation self-assessment toolinsider threatmicrosoftNSAnsssupply chain attackvpn (Read more...) The post Microsoft, CISA and NSA offer security tools and advice, but will you take it? appeared first on Malwarebytes Labs.

...more

SonicWall warns users to patch critical vulnerability “as soon as possible”

Published: 2021-09-24 11:09:10

Popularity: 2

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access. Categories: Exploits and vulnerabilities Tags: cve-2021-20034sma-100snwlid-2021-0021sonicwall (Read more...) The post SonicWall warns users to patch critical vulnerability “as soon as possible” appeared first on Malwarebytes Labs.

...more

BrakTooth Bluetooth vulnerabilities, crash all the devices!

Published: 2021-09-02 16:24:34

Popularity: 10

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

BLE

lmp

SOC

sweynttoth

Researchers have disclosed a set of 16 Bluetooth vulnerabilities that potentially affect billions of devices. Categories: Exploits and vulnerabilities Tags: BLEbluetoothbraktoothcve-2021-28139espressiflink managerlmpSOCsweynttoth (Read more...) The post BrakTooth Bluetooth vulnerabilities, crash all the devices! appeared first on Malwarebytes Labs.

...more

PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday

Published: 2021-08-11 12:16:17

Popularity: 3

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

August 2021 Patch Tuesday has fewer bugs that we've gotten used to, but it includes some potential biggies. Categories: Exploits and vulnerabilities (Read more...) The post PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday appeared first on Malwarebytes Labs.

...more

Apple’s search for child abuse imagery raises serious privacy questions

Published: 2021-08-06 21:10:54

Popularity: 7

Author: Thomas Reed

Keywords:

iOS

iMessage content, and photos sent to iCloud are going to be monitored for child sexual abuse material. Is it a great move, or a dangerous slide away from privacy? Categories: Malwarebytes news Tags: AppleCSAMicloudiOSiPadOSiPhone (Read more...) The post Apple’s search for child abuse imagery raises serious privacy questions appeared first on Malwarebytes Labs.

...more

Beware password-spraying fancy bears

Published: 2021-07-02 15:17:09

Popularity: 11

Author: Pieter Arntz

Keywords:

Reports

A collection of three- and four- letter agencies have issued a report about a sustained GRU operation against "enterprise and cloud environments". Categories: Reports (Read more...) The post Beware password-spraying fancy bears appeared first on Malwarebytes Labs.

...more

WhatsApp reverses course, will not limit app functionality

Published: 2021-06-01 19:25:55

Popularity: 28

Author: David Ruiz

Keywords:

Privacy

end-to-end encryption

facebook

whatsapp privacy policy

WhatsApp said it will no longer limit app functionality for users who refuse to share some data with Facebook. Categories: Privacy Tags: end-to-end encryptionfacebookwhatsappwhatsapp privacy policy (Read more...) The post WhatsApp reverses course, will not limit app functionality appeared first on Malwarebytes Labs.

...more

Falsifying and weaponizing certified PDFs

Published: 2021-05-27 16:55:30

Popularity: 9

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

eaa

PDF

SSA

Certified PDFs are supposed to control modifications so that recipients know they haven't been tampered with. It doesn't always work. Categories: Exploits and vulnerabilities Tags: bochumcertified pdfdigital signatureseaaJavaScriptPDFSSA (Read more...) The post Falsifying and weaponizing certified PDFs appeared first on Malwarebytes Labs.

...more

Hat trick for Google as it patches two more zero-days in Chrome

Published: 2020-11-12 21:16:34

Popularity: 33

Author: Pieter Arntz

Keywords:

Exploits and vulnerabilities

Google has patched two more zero-day vulnerabilities that were actively being exploited in the wild. Update now! Categories: Exploits and vulnerabilities Tags: chromecve-2020-16013cve-2020-16017Googlepatchessite-isolation (Read more...) The post Hat trick for Google as it patches two more zero-days in Chrome appeared first on Malwarebytes Labs.

...more

TikTok is being discouraged and the app may be banned

Published: 2020-07-28 16:55:59

Popularity: 214

Author: Pieter Arntz

Keywords:

ban

usa

Companies and organizations are dicouraging their employees to use TikTok, especially on work related devices. Will TikTok face a ban? Categories: Privacy Tags: amazonAustraliabanbytedancechinaindiaprivacyredditsocial mediatiktokusa (Read more...) The post TikTok is being discouraged and the app may be banned appeared first on Malwarebytes Labs.

...more

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Published: 2020-03-10 15:46:13

Popularity: 89

Author: Jérôme Segura

Keywords:

URLs can be deceiving, but the one used to mimic CloudFlare's Rocket Loader in the latest Magecart attack takes it to a whole new level. Categories: Threat analysis Tags: HTTPSJavaScriptMagecartskimmerskimming (Read more...) The post Rocket Loader skimmer impersonates CloudFlare library in clever scheme appeared first on Malwarebytes Labs.

...more

Maine governor signs ISP privacy bill

Published: 2019-06-11 16:57:38

Popularity: 241

Author: David Ruiz

Keywords:

data privacy legislation

Governor Janet Mills

GSI

internet service provider

ISP

Janet Mills

LD 946

Maine

Maine State Chamber of Commerce

online privacy

online privacy law

online privacy legislation

Senator Shenna Bellows

Shenna Bellows

Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. Categories: Privacy Tags: ACLU of MaineBangor Daily Newsdata privacy lawdata privacy legislationGovernor Janet MillsGSIinternet service providerISPJanet MillsLD 946MaineMaine State Chamber of Commerceonline privacyonline privacy lawonline privacy legislationSenator Shenna BellowsShenna Bellows (Read more...) The post Maine governor signs ISP privacy bill appeared first on Malwarebytes Labs.

...more

Fortnite gamers targeted by data theft malware

Published: 2019-03-07 22:08:28

Popularity: None

Author: None

If you've ever been tempted to cheat at Fortnite, think again—with the release of season six of the popular video game, we found a data theft malware masquerading as a cheat tool, ready to steal your browser sessions, cookies, and even your Bitcoin.

...more

New critical vulnerability discovered in open-source office suites

Published: 2019-03-07 21:58:11

Popularity: None

Author: None

A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild?

...more