EUVD-2022-47533

Malicious code in bioql PyPI...

EUVD-2024-37392

Malicious code in bioql PyPI...

SIM swapper jailed for 18 months over crypto heist

Nicholas Truglia 25 from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin @michaelterpin, a renowned personality in the cryptocurrency space, $23.8M. The theft happened on January 2018, where Truglia and his co-conspirators targeted...

CVE-2022-3031

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific...

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication 2FA service. The communication tools company said the unauthorized access...

RUSTSEC-2022-0018 Timing attack

Affecting versions did not compare tokens in constant time, which could make it possible for an attacker to guess the 2fa token of a user. This has been fixed by using using the crate constanttimeeq for comparison...

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 201...

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer's time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other...

Uber dismissive about security flaw that lets hackers bypass its 2FA

By Waqas Uber has no plans to fix a critical security flaw This is a post from HackRead.com Read the original post: Uber dismissive about security flaw that lets hackers bypass its 2FA...

That's A Clever Hack! How anyone could make Money from Google and Microsoft

Smart hackers could exploit a loophole that could allow them to steal a significant amount of cash from Google, Microsoft and Instagram using a Premium rate phone number. Security researcher Arne Swinnen from Belgium has discovered an ingenious way to steal money from big tech companies like...