A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was...

Domain dumpster diving

By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not a...

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency CISA has issued an emergency directive warning of "active exploitation" of the vulnerabilities. T...

Far-Right Platform Gab Has Been Hacked—Including Private Data

The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists...

China Hijacked an NSA Hacking Tool—and Used It for Years

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online...

Cybersecurity in Cyberpunk 2077: the good, the bad, and the cringeworthy

What game caused some players to experience seizures, allows you to have unauthorized sex with Keanu Reeves, features a lead character who can’t keep the contents of his pants contained, was pulled from the PlayStation Store weeks after release, and still managed to shatter sales and streaming...

France Ties Russia's Sandworm to a Multiyear Hacking Spree

A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon...

Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover...

What’s most interesting about the Florida water system hack? That we heard about it at all.

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this weeks news about a hacker who tried to poison a Florida towns water supply was understandably front-page material. But for security nerds whove been warning about this sort of...

Adobe Connect 10 Username Disclosure

Title: adobe connect 10 Local Route Disclosure Author: h4shur date:2021-02-07 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 10 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : There ar...

Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, its an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that i...

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrati...

Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this...

Exploit for Path Traversal in Gitlab

The warn For demonstration purpose and ethical hacking only...

Ethical hacking, the best prevention against cyber attacks

By Waqas Ethical hacking is a part of cybersecurity that protects your organizations' online presence from different malicious threats like hacking, phishing, etc. This is a post from HackRead.com Read the original post: Ethical hacking, the best prevention against cyber attacks...

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution Unauthenticated Exploit Author: Darren Martyn Vendor Homepage: https://www.home-assistant.io/ Version: SMA 8.0.0.4 Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...

Unauthorized Access Vulnerability in Unified Identity Platform of Lianhe Technology Co.

Lianyi Technology Co., Ltd. was registered and established on July 05, 2004 in Guangzhou Administration for Industry and Commerce. The company's business scope includes software development; information system integration services; information technology consulting services and so on. An...

2.28M MeetMindful Daters Compromised in Data Breach

More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics. The ShinyHunters hacking group has stolen and published the personally identifiable PII data ...

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about...