41 matches found
CVE-2025-32056
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...
Bosch Infotainment ECU security vulnerabilities
The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability arises from the anti-theft protection mechanism, which can be bypassed due to a weak response generation algorith...
EUVD-2020-18391
Malware in sbrugna...
SONNI: Secure Oblivious Neural Network Inference
In the standard privacy-preserving Machine learning as-a-service MLaaS model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations
Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain...
My child had her data stolen—here’s how to protect your kids from identity theft
Recently, I received a letter in the mail from a company about a data breach. The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled what we know as ransomware. The attacker had also accessed sensitive files and customer health data. Sadly,...
We’re making it easier for you to protect your identity
Things have changed in cybersecurity. Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 up...
PetSmart warns customers of credential stuffing attack
Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are...
Raccoon Infostealer operator extradited to the United States
A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced. In March 2022, around the same ti...
2 million job seekers targeted by data thieves
A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting XSS attacks—both common techniques— to extract the sensitive information from the...
State of Maine data breach impacts 1.3 million people
The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, thats more or less the the entire population of Maine. The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit...
A week in security (October 23 – October 29)
Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza Octo Tempest cybercriminal group is "a growing concern"—Microsoft Update now! Apple patches a raft of vulnerabilities Patch…later? Safari iLeakage bug not fixed Update vCenter Server now! VMWare fixes...
Announcing NEW Malwarebytes Identity Theft Protection
We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity. We know that people are worried. In fact, in our latest report, titled “Everyone’s...
Tampa General Hospital half thwarts ransomware attack, but still loses patient data
The Tampa General Hospital TGH has promised to reach out to individuals whose information has been stolen by a ransomware group. In a cybersecurity notice, TGH said it noticed unusual activity on its computer systems on May 31, 2023. "Fortunately, TGHs monitoring systems and experienced technolog...
Maternal & Family Health Services discloses ransomware attack months after discovery
Maternal & Family Health Services MFHS, a nonprofit healthcare giant based in Pennsylvania, said in an advisory and press release that it has suffered a ransomware attack which led to the potential exposure of sensitive data of patients, employees, and vendors. That data includes names, addresses...
A week in security (August 1 - August 7)
Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16 Wrestling star Mick Foleys Twitter compromised, selling PS5 consoles Millions of Arris routers are vulnerable to path traversal attacks When a sextortion victim fights back How to protect yourself and yo...
Norton 360 Now Comes With a Cryptominer
Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers computers. Nortons parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme -- in which the company...
Guess Fashion Deals With Data Loss, Post-Ransomware
A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...
Phishing Attack Prevention — How to Spot, What Should Do❓ | Wallarm
Phishing Attack Prevention — How to Spot, What Should Do❓ No business, small or large, is impervious to phishing attacks. In fact, some of the largest-scale attacks have been on renowned multi-million dollar corporations. Fortunately, there is a light at the end of the tunnel. It is possible to...
Small Businesses Tapping COVID-19 Loans Hit with Data Exposure
A data breach at the agency in charge of providing financial relief to small businesses during the COVID-19 crisis may have exposed sensitive information of 8,000 business that applied, and may delay payouts, a government official said. The Small Business Administration SBA, which oversees the...