Ransomware and wiper signed with stolen certificates
Introduction: On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the country's computer systems. On September 10,...
AI Score: 1.1
CVSS: 7.8
AI Score: 7.6
EPSS: 0.076
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...
AI Score: 0.1
Is an outsourced SOC worth it? Looking at the ROI of MDR
In the turbulent world of cybersecurity, one thing is for certain: threats are evolving in ways that make them harder for organizations to predict, and stop. For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today's cyberthreats is even harder...
AI Score: -0.1
Ho, ho, no! Scams to avoid this festive season
Whether you've been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we're going to give some additional context along with tips to avoid these digital lumps of coal. Social media...
AI Score: -0.3
Indicators of compromise (IOCs): how we collect and use them
It would hardly be an exaggeration to say that the phrase "indicators of compromise" (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes[1], IP addresses and other technical data that should help information security specialists to...
AI Score: -0.6
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a large number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections...
CVSS: 7.5
AI Score: 7.6
EPSS: 0.002
CVE-2022-3480 Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a large number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections...
CVSS: 7.5
AI Score: 7.8
EPSS: 0.002
container-tools:3.0 security update
buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/6d7f496) - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 ...
CVSS: 7.5
AI Score: -0.2
EPSS: 0.005
In Phoenix Contact FL MGUARD DM versions 1.12.0 and 1.13.0, access to the Apache web server installed as part of FL MGUARD DM on Microsoft Windows does not require login credentials, even if credentials were configured during installation. Attackers with network access to the Apache web server can download...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.002
Raccoon Stealer is back in the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of shutdown, Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware...
AI Score: 0.3
The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow
AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable, until his tech was turned against...
AI Score: 0.8
Healthcare site leaks personal health information via Google and Meta tracking pixels
Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information (PHI), with Google and Meta (Facebook). Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and...
AI Score: 0.6
5 tips for embedding security into your workflows
Now, more than ever, the world needs innovation. From climate change to pandemics to food insecurity, we face many pressing realities that businesses can help us solve. Especially tech-related businesses. Technology can help drive progress on devastating conditions, like how Biorock can help...
AI Score: -0.3
Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Summary. Actions for administrators to take today:
• Do not expose management interfaces to the internet.
• Enforce multi-factor authentication.
• Consider using CISA's Cyber Hygiene Services.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing...
CVSS: 9.8
AI Score: 10
EPSS: 0.975
Attack Analytics Helps You Find the Monsters Under the Bed
Alert fatigue kills data breach detection efforts. Is there anything more frightening than missing a cyber attack? For most organizations, the answer is no. However, for many security teams, it's challenging to tune alerts properly to minimize false positives and still be alerted to potential...
Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port...
AI Score: 7
EPSS: 0.002
A week in security (September 26 – October 2)
Last week on Malwarebytes Labs: Why (almost) everything we told you about passwords was wrong; Two new Exchange Server zero-days in the wild; Local government cybersecurity: 5 best practices; Optus data breach "attacker" says sorry, it was a mistake; Fast Company hacked to send obscene and racist...
AI Score: 2.9
WP ALL Export Pro < 1.7.9 - Authenticated Code Injection
The plugin does not restrict some export functionality to users with the Administrator role, allowing any logged-in user who has been granted the privilege to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...
CVSS: 7.2
AI Score: 0.7
EPSS: 0.001