A week in security (January 8 – January 14)

Last week on Malwarebytes Labs: FCC wants cars to make life harder for stalkers Joomla! vulnerability is being actively exploited Act now! Ivanti vulnerabilities are being actively exploited Ransomware review: January 2024 Info-stealers can steal cookies for permanent access to your Google accoun...

Automatic Conditional Access policies in Microsoft Entra streamline identity protection

Extending our commitment to help customers be secure by default, today were announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. Weve designed these policies based on our deep knowledge of t...

in cortezaproject/corteza-server

Description During testing it was found that if a user revoke his all active session, then also user is able to make changes to his account. Proof of Concept 1. Log in to the application 2. Go to profilelogin sessions and revoke all sessions. 3. You will see that all other sessions are still vali...

How Cybercriminals Abuse OpenBullet for Credential Stuffing

In this blog, we detail how cybercriminals exploit OpenBullet, a legitimate web-testing software, to brute-force their way into targeted accounts...

Deleted Facebook Cybercrime Groups Had 300,000 Members

Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network's platform. The scam groups facilitated a broad spectrum of shady...

Data Breaches Feed Password Reuse Crimes: No Simple Fixes

It was June 2012 when Dale Meredith was shopping online for a BBQ grill for Father’s Day and found one at Sears.com. The only snag, he had to create a username and password to buy it. That irked him. He was annoyed because it was literally the hundredth-plus service—including his local newspaper,...

1.8 Million Accounts Hacked from Square Enix Japanese Game Company

1.8 Million Accounts Hacked from Square Enix Japanese Game Company Square Enix stated yesterday that somebody "may have gained unauthorized access to a particular Square Enix server " and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million...

Facebook "Trusted friends" Security Feature Easily Exploitable

Facebook "Trusted friends " Security Feature Easily Exploitable Last week Facebook announced that in one day 600,000 accounts possibly get hacked. Another possible solution for Facebook to combat security issues is to find 3 to 5 "Trusted friends ". Facebook will be adding two new security featur...