Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercriminals’ success in hijacking high-profile,...

iOS 12.1 passcode bypass hack discovered just few hours after its release

By Waqas Only a few hours have passed since the new iOS 12.1’s release and already its passcode bypass hack has been identified. Through the hack, the attacker can see all the private conversations on a locked iPhone. The passcode bypass hack has been discovered by a Spanish security researcher...

A week in security (October 15 – 21)

Last week on Malwarebytes Labs, we went over how to build your own motion-activated security camera, wondered whether FIDO is the future instrument to replace passwords and usernames, informed you about information operations on Twitter, and released our Q3 Malwarebytes Labs Cybercrime Tactics an...

This Week in Security News: Apex One™ Release and Java Usage Tracker Flaws

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Apex One enters as the evolution of Trend Micro’s endpoint security solution for enterprise. Also, learn about Java Usage Tracker’s new...

New APT Could Signal Reemergence of Notorious Comment Crew

A recently observed APT campaign, dubbed Operation Oceansalt, could herald the return of the infamous China-linked hacking group known as Comment Crew or APT1. Attacks are cunning and are defined by their their deep targeting and use of an innovative multi-wave attack methodology. Operation...

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure

Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/...

Chinese Spying Chips Found Hidden On Servers Used By US Companies

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a gra...

New iPhone Passcode Bypass Hack Exposes Photos and Contacts

Looking for a hack to bypass the passcode or screen lock on iPhones? Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locke...

Millions of accounts affected in latest Facebook hack

Update 2018-10-18: According to the Wall Street Journal, the hack on Facebook was perpetrated by spammers rather than a nation state. Facebook also revised its numbers down, saying that about 30 million accounts had been compromised. Facebook announced earlier today that its social network had be...

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

A passcode bypass vulnerability in Apple’s new iOS version 12 could allow an attacker to access photos and contacts including phone numbers and emails on a locked iPhone XS and other devices. The hack allows someone with physical access to a vulnerable iPhone to sidestep the passcode authorizatio...

16-Year-Old Boy Who Hacked Apple's Private Systems Gets No Jail Time

An Australian teenager who pleaded guilty to break into Apple's private systems multiple times over several months and download some 90GB of secure files has avoided conviction and will not serve time in prison. An Australian Children's Court has given the now 19-year-old adult defendant, who was...

CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...

Powerful Android and iOS Spyware Found Deployed in 45 Countries

One of the world's most dangerous Android and iPhone spyware program has been found deployed against targets across 45 countries around the world over the last two years, a new report from Citizen Lab revealed. The infamous spyware, dubbed Pegasus, is developed by NSO Group—an Israeli company whi...

Magecart Threat Group Racks Up More Hack Victims

Days after Magecart adversaries were blamed for the British Airways breach, the threat group was also identified as behind hacking two additional victims this week – including customer engagement tool Feedify and boutique deal company Groopdealz. The hack of Feedify was disclosed after Twitter us...

Using MITRE ATT&CK When Researching Attacker Behavior in a Post-Compromise World

MITRE ATT&CK is arguably one of the best assets available to security professionals who want to dive into the intricacies of detecting and preventing adversary behaviors. Why is that? It’s a great knowledge base of known adversarial behaviors overlayed with attacker TTPs and their state in the...

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the...

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the...

Brazilian Crypto exchange hacked; private data of over 264,000 users exposed

By Waqas A Brazilian firm Crypto exchange Atlas has become a victim of a security breach and over 264,000 users’ email addresses, phone numbers, and cryptocurrency amount related information might have been leaked. The news of data hack was reported firstly by a YouTube channel in Brazil called...

A week in security (August 13 – August 19)

Last week on Malwarebytes Labs, we talked about how Process Doppelgänging meets Process Hollowing in the Osiris dropper, provided hints, tips, and links for a safer school year, gave a recap of Black Hat USA 2018, offered some tips for a secure content management system, highlighted a silly...