Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Malwarebytes wins every MRG Effitas award for 2 years in a row

ThreatDown has earned 37/37 awards over nine consecutive quarters.

Malwarebytes
Open in Source
#vulnerability#web#mac#botnet#zero_day
Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Using Google Search to Find Software Can Be Risky

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Debian Security Advisory 5605-1

Debian Linux Security Advisory 5605-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week. The risk and

QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

By Deeba Ahmed QR Code Phishing has surged by a staggering 587%, with scammers exploiting it to steal login credentials and deploy malware. This is a post from HackRead.com Read the original post: QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.

Opteev MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user data from devices, execute remote code on devices, or gain control over devices to perform malicious actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of the FeverWarn ecosystem, an IoT-based skin temperature scanning system, are affected: FeverWarn: ESP32 FeverWarn: RaspberryPi FeverWarn: DataHub RaspberryPi 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devi...

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques." LODEINFO (versions 0.6.6 and 0.6.7

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30