Security
Headlines
HeadlinesLatestCVEs

Tag

#google

ALPHV squeezes victim with dedicated leak site for employees and customers

ALPHV, also known as BlackCat, created a leak site on the regular web, betting it can squeeze money out of victims faster than a dark web site. The post ALPHV squeezes victim with dedicated leak site for employees and customers appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#google#microsoft#sap
Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front

GHSA-3jch-9qgp-4844: Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is `unsafe` but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by `flatbuffers` compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit their code and look for any usage of `follow`, `push`, or any method that uses them (e.g. `self_follow`). 3. Carefuly go through the crates' documentation to understand which "safe" APIs are not intended to be used.

CVE-2022-26173: JForum2 / Wiki / NewFeatures281

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

Internet Explorer Now Retired but Still an Attacker Target

Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won't stop attacking it, security experts say.

BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield

Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.

Play Store Apps Caught Spreading Android Malware to Millions

By Deeba Ahmed The apps were loaded with info-stealing malware that can extract victims’ Facebook credentials and download other software, etc.… This is a post from HackRead.com Read the original post: Play Store Apps Caught Spreading Android Malware to Millions

Android Spyware 'Hermit' Discovered in Targeted Attacks

The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report.

RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

Photos of kids taken from spyware-ridden phones found exposed on the internet

TheTruthSpy is an app programmed to siphon out photos, locations and more from smartphones. The post Photos of kids taken from spyware-ridden phones found exposed on the internet appeared first on Malwarebytes Labs.