A week in security (August 7 - August 13)

Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI Several hospitals still counting the cost of widespread ransomware attack Old exploit kits still kicking around in 2023 YouTube makes sweeping changes to tackle spam on Shorts videos Googles "browse...

Watch out for fake WhatsApp “New Incoming Voicemessage” emails

Thanks to the Threat Intelligence team for their help with this article. Security researchers from Armorblox, a cybersecurity company specializing in email-based threats, have encountered a fake WhatsApp email with the subject "New Incoming Voicemessage." The spoofed WhatsApp voicemail notificati...

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug CVE-2021–1801...

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug CVE-2021–1801...