The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.Microsoft bumped Amazon and Google to place first for the brand most imitated by cybercriminals in phishing attacks that go after individuals' account credentials and payment information, according to Check P

VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.A new online platform for IoT vendors to use in receiving, assessing, managing, and mitigating vulnerabilities and reports has been launched by the IoT Security Foundation (IoTSF). The new platform, VulnerableThings.com, is intende

The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.Researchers have identified GravityRAT, a spying remote access Trojan (RAT) known to target devices in India, in an attack campaign against Android and MacOS devices. The activity was still ongoing at the time their findings were

#!/usr/bin/env bash# Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal# Date: 2020-09-20# Exploit Author: Alexei Kojenov# Vendor Homepage: https://www.szuray.com/# Software Link: N/A# Version: up to 1.97# Tested on: Linux# CVE: CVE-2020-24219# Vendors: URayTech# Reference: https://kojenov.com/2020-09-15-hisilicon-en

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include Msf::Exploit::ViewState include Msf::Exploit::CmdStager in

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted over the past years.The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Oc

The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist -- a clue the email was a phishing scam from swindlers trying to exploit the U

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices.Initially detailed in 2018, the RAT was previously employed in attacks targeting the Indian military, as part of a campaign that is believed to have been active since 2015. Targeting Windows systems, the tool has mainly been used for

The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door. The last few weeks have been rough for the operators of the Trickbot botnet, a malware-as-a-service operation, who are facing coordinated attacks from both the US Cyber Command and Microsoft, with the aid of a number of

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, a

A vulnerability has been discovered in Google's GPS navigation software app Waze that lets hackers identify and track users. Autoevolution.com reports that the flaw was discovered by security engineer Peter Gasper. When using the app's web interface, Gasper discovered that he could request the Waze API to display not only his coor

Social media app Instagram is being investigated by the EU for allegedly failing to protect the privacy of children's data. Instagram's alleged data mishandling allowed the email addresses and phone numbers of children aged under 18 to become visible to other users of the platform. Facebook, which owns the social media app, has denied

A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack.A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization. Superintendent Dr. Ken Barron told WLBT news that the schoo

Microsoft removed a Windows 10, version 2004 compatibility hold blocking devices with certain WWAN LTE modems from upgrading to the latest Windows version.Safeguard holds (also known as compatibility holds) are added by Microsoft based on known issues and diagnostic data to delay Windows upgrades on affected devices and to protect the end-user

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices.The GravityRAT Remote Access Trojan (RAT) has been under active development by what looks like Pakistani hacker groups&nbs