Are cybercriminals turning away from the US and targeting Europe instead?

Significant cyberattacks against critical targets in Europe have doubled in the past year, according to EU figures obtained by CNN. And with the announced pressure from the US against major ransomware gangs we can expect these figures to go up even more. Its also clear from recent attacks that th...

Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service FSB. Calling the...

Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud

There are over 1.8 billion websites online today. Almost 98% of them are powered by JavaScript, and for a good reason: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But when that same functionality becomes a significant vector for...

FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAXs systems may have been involved in cyberattacks on U.S...

Groove Calls for Cyberattacks on US as REvil Payback

UPDATE: Subsequent reporting and disclosures show “Groove” was a hoax intended to lure media outlets into reporting on fake potential threats against U.S. government interests. Threatpost regrets falling for a troll. Lesson learned and apologies to our readers. Following the recent international...

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The SolarWinds attackers – an advanced persistent threat APT known as Nobelium – have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets. The activity has affected victims in North America and Europe thus far,...

2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk

Supply chains are on everyone's mind right now — from consumer-tech bottlenecks to talks of holiday-season toy shortages. Meanwhile, cyberattacks targeting elements of the supply chain have become increasingly common and impactful — making this area of security a top priority as organizations...

TikTok Serves Up Fresh Gamer Targets

TikTok has made people do all sorts of wild things — eat frozen honey, work on their choreography and even fall for malicious malvertising campaigns. The latest TikTok attacks are getting served to gamers on the platform disguised as “free” or “hacked” versions of games like Among Us, free Steam...

The Ultimate SaaS Security Posture Management (SSPM) Checklist

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management SSPM category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees...

OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the for...

Office 365 Spy Campaign Targets US Military Defense

A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers. Microsoft, which...

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are...

A week in security (Oct 4 – Oct 10)

Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware gang, but won’t say which one Neiman Marcus data breach affects millions Windows 11 is out. Is it any good for security? Criminals were inside Syniverse for 5 years...

A10: Insufficient logging and monitoring ❗️ — Top 10 OWASP 2017

A10: Insufficient logging and monitoring ❗️ — Top 10 OWASP 2017 Introduction Insufficient logging and monitoring is in the Top 10 OWASP for many different reasons. Not only is it hard to detect but it’s also hard to protect from. There are several ways we can protect ourselves from this...

Dune Foresaw—and Influenced—Half a Century of Global Conflict

From Afghanistan to cyberattacks, Frank Herbert’s novel anticipated and shaped warfare as we know it...

EU: Russia Behind ‘Ghostwriter’ Campaign Against Germany

In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called “Ghostwriter.” Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and...

Malwarebytes research shows an unequal, unsafe Internet

If the Internet was as safe and as private as it is essential for everyday life—increasingly required for job applications, bank transfers, doctor’s appointments, and filing taxes—then we’d likely have fewer online scams, better privacy protections, smaller data breaches, and a lower overall risk...

100M IoT Devices Exposed By Zero-Day Bug

A flaw in a widely used internet-of-things IoT infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks. Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devic...

Cyberattacks from all Angles: 2021 Midyear Report

We look at the most pertinent cybersecurity issues organizations across the globe faced in the first half of 2021...

3 trends shaping identity as the center of modern security

I recently returned from Kenya, where I visited our Microsoft Nairobi development center. Like many of you, I’ve mostly worked from home for the past year and more, so it was refreshing to meet members of our global team and inspiring to feel their passion for our mission: delivering identity...