New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get...

Two Charged in SIM Swapping, Vishing Scams

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account...

A week in security (November 12 – 18)

Last week on Malwarebytes Labs, we found out that TrickBot became a top business threat, so we took a deeper look at what's new with it. With Christmas just around the corner, the Secret Sister scam returned. We also touched on the security and privacy or lack thereof in smart jewelry, air traffi...

Design/Logic Flaw

In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...