105 matches found
Octopus Scanner Sinks Tentacles into GitHub Repositories
The Octopus Scanner malware, which targets the Apache NetBeans Java integrated development environment IDE, has been nesting in at least 26 GitHub source-code repositories, according to researchers – waiting to take over developer machines. A team from GitHub Security Labs, acting on a tip from a...
Operational resilience in a remote work world
Microsoft CEO Satya Nadella recently said, “We have seen two years’ worth of digital transformation in two months.” This is a result of many organizations having to adapt to the new world of document sharing and video conferencing as they become distributed organizations overnight. At Microsoft, ...
Hackers Update Age-Old Excel 4.0 Macro Attack
Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from securi...
Is Vulnerability Management more about Vulnerabilities or Management?
I've just read a nice article about Vulnerability Management in the Acribia blog in Russian. An extract and my comments below. In the most cases Vulnerability Management is not about Vulnerabilities, but about Management. Just filtering the most critical vulnerabilities is not enough. Practical...
Wawa Breach May Have Affected More Than 30 Million Customers
A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The Joker’s Stash...
Oil-and-Gas APT Pivots to U.S. Power Plants.
A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part...
Travelex Knocked Offline by System-Wide Malware Attack
A “computer virus” has forced foreign currency exchange giant Travelex to shut down its online services and its app – leaving its retail locations to carry out tasks manually and many customers stranded without travel money. Its global banking partners have also been left adrift with no way to bu...
Travelex exchange suffers malware attack; affects Tesco Bank service
By Waqas Travelex acknowledged the malware attack in a series of tweets to its customers. This is a post from HackRead.com Read the original post: Travelex exchange suffers malware attack; affects Tesco Bank service...
A week in security (December 23 – 29)
Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: No...
Understanding the Risk of Zero-Day Exploits
To protect your home from thieves, the easiest thing you can do is lock your windows and doors every time you leave the house. Similarly, in cybersecurity, the easiest way to protect your network is to keep your hardware and applications up to date with the latest security patches. But how do you...
Alex Jones claims malware planted child porn on InfoWars servers
By Waqas Alex Jones is now offering $1 million to catch attacker who behind the malware attack. Alex Jones, the founder of InfoWars, and his lawyer Norm Pattis claimed on Friday that someone sent malware on InfoWars servers and which ended up planting child pornography content on the servers. To...
Threats target financial institutions, fintech, and cryptocurrencies
With news of a malware attack on accounting firm Wolters Kluwer causing a "quiet panic" in the accounting world this week, our assertion that financial institutions—from banks to brokers—are part of the vital infrastructure of society has been solidified. According to its website, Wolters Kluwer...
What’s Behind the Wolters Kluwer Tax Outage?
Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...
Use Safety and Precaution When Using USBs
Removable USB devices are basic instruments for storing and transferring files from one device to another. Although they’re convenient to use, they can also pose a potential threat to your devices—especially when used without prior caution. There are reported instances, where researchers weren’t...
Lovecraft Video pc client software has dll file loading vulnerability
Aqiyi Video is a client software under Aqiyi that focuses on video playback. The Aiki Video pc client software suffers from a dll file loading vulnerability, which can be exploited by an attacker to execute an arbitrary code DLL file on the target system using malware...
A week in security (January 28 – February 3)
Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by...
Malware Attack Crippled Production of Major U.S. Newspapers
A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. this weekend – including the Los Angeles Times and Wall Street Journal. The virus impacted computer systems of Tribune Publishing Co., which publishes an array of maj...
Major US newspapers suffer malware attack; printing & delivery affected
By Waqas It is believed that the malware attack was carried out from outside the United States. The Los Angeles Times suffered a malware attack earlier this Saturday that disrupted printing and delivery process for several of its print editions across the country, the newspaper said. The malware...
Hacking Police Bodycams
Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it...
FBI Router Reboot Warning: How Do I Stay Safe from the New VPNFilter Malware?
You might have seen reports that the FBI is warning home users of a new foreign cyber-attack campaign targeted at your routers and network-attached storage NAS devices. Here’s a breakdown of exactly what has happened, and what you need to do to keep your home IT systems safe and secure. What is...