Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory...

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory...

Russia's FireEye Hack Is a Statement—but Not a Catastrophe

The fallout from the attack may not be as dire as it first sounds...

Congrats to the winners of the 2020 December Metasploit community CTF

Thank you all that participated in the 2020 December Metasploit community CTF! The four day CTF was well received by the community, with 874 teams and 1903 users registered! We’ve included the high-level stats and the competition winners below. If you played the CTF and want to let the Metasploit...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news...

Zero-Click exploit allowed attackers to hack any targeted iPhone

By Deeba Ahmed The iOS vulnerability allowed hackers to control your iPhone within radio proximity using AWDL. Here's its demo video. This is a post from HackRead.com Read the original post: Zero-Click exploit allowed attackers to hack any targeted iPhone...

Account Hijacking Site OGUsers Hacked, Again

For at least the third time in its existence, OGUsers -- a forum overrun with people looking to buy, sell and trade access to compromised social media accounts -- has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak i...

Tesla Hacked and Stolen Again Using Key Fob

Researchers have demonstrated for the third time how hacking into the key fob of a Tesla can allow someone to access and steal the car in minutes. The new attack again shows a security vulnerability in the keyless entry system of one of the most expensive electric vehicles EVs on the market...

Manchester United: IT Systems Disrupted in Cyberattack

The Manchester United football club in the U.K. has confirmed that the team fell victim to a cyberattack on its systems. Man U., one of the most popular soccer teams in the world, said that it was suffering ongoing IT disruptions. “The club has taken swift actions to contain the attack and is...

CVE-2020-4006

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Recent assessments: ccondon-r7 at December 10, 2020 7:54pm UTC reported: I’ve seen some news headlines with very scary-sounding words “ransacking...

Announcing the 2020 December Metasploit community CTF

It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing a few things differently. Past CTFs have featured a wide range of challenges across different architectures, difficulty levels, and targets. This year, we wanted to make...

JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)

jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast crackingdict/brutefoce Installation go-getdev version $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $...

A week in security (September 28 – October 4)

Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which well provide video coverage of some of the...

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency

New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week...

Introducing VideoBytes, by Malwarebytes Labs

We have exciting news for avid readers of Malwarebytes Labs: This week, we’re launching a new, monthly video series that will feature the research, insights, and commentary of our own Adam Kujawa, security evangelist and a director for Malwarebytes Labs. Welcome to VideoBytes, our little corner o...

Facebook Busts Russian Disinfo Networks as US Election Looms

The campaigns primarily targeted countries outside the US. But the same mechanisms could be used in “hack and leak” operations like those that roiled the 2016 campaign...

Inside the Twitter Hack—and What Happened Next

On July 15, a massive Twitter hack rocked the inside and out. On Election Day, that's not an option...

Activision Refutes Claims of 500K-Account Hack

After reports surfaced that 500,000 Activision accounts may have been hacked, impacting online Call of Duty CoD players, the gaming giant is disputing the claim. The alleged breach was first flagged by the oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts...