Cyberpunk 2077 Publisher Hit with Hack, Ransomware

UPDATE CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves of company data being dumped online – including game source code. The Warsaw-based company tweeted out a notice o...

Hacker Tries to Poison Water Supply of Florida Town

A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. The attack happened just two days before NFL’s Super Bowl LV was held nearby in Tamp...

A week in security (February 1 – February 7)

Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware was giving up the ghost, swearing off a life of crime and even apologizing for past actions. We looked at a credit card skimmer that found opportunity in the latest Magento 1 hacking...

Exploit for Command Injection in Rapid7 Metasploit

CVE-2020-7384 This is a small exploit in bash which I had mad...

A Second SolarWinds Hack Deepens Third-Party Software Fears

It appears that not only Russia but also China targeted the company, a reminder of the many ways interconnectedness can go wrong...

Insider Attack on Home Surveillance Systems

No one who reads this blog regularly will be surprised: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. …...

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures TTPs adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated...

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack

SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: Former director of the Cybersecurity and Infrastructure Security Agency CISA Chris Krebs, and former Facebook security executive Alex Stamos. Texas-based SolarWinds hired the duo as...

SolarWinds Hackers Also Accessed U.S. Justice Department's Email Server

The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer OCIO learned of...

Latest on the SVR’s SolarWinds Hack

The New York Times has an in-depth article on the latest information about the SolarWinds hack not a great name, since its much more far-reaching than that. Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service...

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

A week in security (December 21- December 27)

Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here’s what happened, and our VideoBytes episode talked about what penetration testing tools...

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

Plus: Dozens of reporters get hit by an iMessage exploit, continued fallout from the SolarWinds hack, and more of the week’s top security news...

2020 Shows the Danger of a Decapitated Cyber Regime

Trump's White House has long been AWOL on cybersecurity. That lack of oversight almost seemed to be working—until the SolarWinds hack...

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...

Russia's SolarWinds Hack Is a Historic Mess

All the most important stories about the biggest hack in years...

How to Understand the Russia Hack Fallout

Not all SolarWinds victims are created equal...

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...