490 matches found
10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities
Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was...
IBM API Connect 输入验证错误漏洞
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect, which can be exploited by an...
Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege, attackers have compromised the update mechanism of NoxPlayer, which is software that allows gamers to run Android apps on their PCs or Macs. They then installed malware onto victims’ devices with surveillance-related capabilities. NoxPlayer is developed by BigNox, which is a...
A New Software Supply‑Chain Attack Targeted Millions With Spyware
Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign...
Arrest, Seizures Tied to Netwalker Ransomware
U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charg...
North Korea Targets—and Dupes—a Slew of Cybersecurity Pros
The sweeping campaign took advantage of the collaborative spirit among researchers, with an unknown number of victims...
Bosch PRAESIDEO and Bosch PRAESENSA Cross-Site Scripting Vulnerabilities
Bosch Praesideo and Bosch Praesensa are both products of Bosch, Germany.Bosch Praesideo is a device for digital broadcasting in public places. The device can provide daily information dissemination, emergency broadcasting, fire alarm and other functions for buildings and public places.Bosch...
Telegram Bots at Heart of Classiscam Scam-as-a-Service
A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate...
Activists Publish a Vast Trove of Ransomware Victims' Data
WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency...
A week in security (December 14 – December 20)
Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...
How to Understand the Russia Hack Fallout
Not all SolarWinds victims are created equal...
Sunburst: connecting the dots in the DNS requests
On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...
Indian National Gets 20-Year Jail in United States for Running Scam Call Centers
An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel aka Hitesh Hinglaj, who hails from the city of...
Chinese APT Hackers Target Southeast Asian Government Institutions
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers,...
Ragnar Locker ransomware gang using Facebook ads to extort victims
By Deeba Ahmed Ragnar Locker ransomware gang has attacked multiple firms recently, but now it has taken extortion to the next level. This is a post from HackRead.com Read the original post: Ragnar Locker ransomware gang using Facebook ads to extort victims...
Maze ransomware gang announces retirement
The threat actors behind Maze ransomware have announced their retirement. On November 1, they posted the retirement announcement on the website where they would normally name and shame their victims that were unwilling to pay the ransom. image courtesy of Graham Cluley "The Project is closed. Maz...
Vulnerability fixed in Grafana
The vulnerability is known as a so-called Cross-Site Scripting. The vulnerability allows a remote malicious person to able to execute arbitrary code in the browser of the victim. Grafana Labs has released updates to fix the vulnerability. fix. More information can be found on the pages below:...
Microsoft warns of new Android ransomware blackmailing victims
By Waqas The AndroidOS/MalLocker.B Android ransomware is also capable of evading detection against several available protections. This is a post from HackRead.com Read the original post: Microsoft warns of new Android ransomware blackmailing victims...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...