HackDig : Dig high-quality web security articles

Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action&#
Publish At:2022-07-19 11:52 | Read:250625 | Comments:0 | Tags:Malwarebytes news compromise CVE exploit hijack JavaScript m

Apple Lockdown Mode helps protect users from spyware

Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as “mercenary spyware.” This includes people like journalists and human rights advocates, who are often targeted by oppressive regimes using malware like NSO Groups
Publish At:2022-07-07 11:52 | Read:331909 | Comments:0 | Tags:Malwarebytes news

IconBurst software supply chain attack offers malicious versions of NPM packages

Researchers discovered evidence of a widespread software supply chain attack involving malicious Javascript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short for Node package manager, a name that no longer covers the
Publish At:2022-07-06 11:52 | Read:491360 | Comments:0 | Tags:Malwarebytes news npm obfuscated pubg supply chain attack ty

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s
Publish At:2022-06-27 07:53 | Read:214843 | Comments:0 | Tags:Exploits and vulnerabilities Malwarebytes news exploit log4s

Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CV

Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations.  This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digital ecosystems using our single lightweight agent.  
Publish At:2022-06-14 09:02 | Read:176246 | Comments:0 | Tags:Malwarebytes news CVE MSP vulnerability Vulnerability

Unknown APT group has targeted Russia repeatedly since Ukraine invasion

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by the Malwarebytes Threat Intelligence team, are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run
Publish At:2022-05-24 05:03 | Read:228687 | Comments:0 | Tags:Malwarebytes news

Why you should act like your CEO’s password is “querty”

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass combed through a large list of CEO and business owner breac
Publish At:2022-05-20 16:57 | Read:236584 | Comments:0 | Tags:Malwarebytes news animals breach c level CEO executive explo

How iPhones can run malware even when they’re off

Most people think that turning off their iPhone – or letting the battery die – means that the phone is, well, off. The thing is, this isn’t quite true. In reality, most of the phone’s functionality has ended, but there are components that mindlessly continue a zombie-like existence, for the most part unbeknownst to the user. Even w
Publish At:2022-05-19 12:59 | Read:152758 | Comments:0 | Tags:Malwarebytes news BLE FindMy iPhone malware

Why MRG-Effitas matters to SMBs

When selecting the right cybersecurity vendor to protect their operations, small- and medium-sized businesses (SMBs) can lean on several third-party research organizations that analyze which cybersecurity products can best prevent, detect, and clean up various types of cyberattacks today. But these tests can sometimes assume a level of end-user complexity
Publish At:2022-05-16 12:59 | Read:533440 | Comments:0 | Tags:Malwarebytes news 360° Assessment Malwarebytes MITRE MRG-Eff

Call of Duty cheats can expect embarrassment with new anti-cheat feature

In-game cheats are about to have an even harder time of things in triple AAA titles such as Call of Duty. Activision’s “Ricochet” software – a kernel level driver anti-cheat system – has added another twist to the tale of how players are protected via a new system called “Cloaking”. Making all new punishments fit the crime Anti-cheat softwa
Publish At:2022-04-28 12:48 | Read:428300 | Comments:0 | Tags:Malwarebytes news anti-cheat call of duty cloaking damage sh

Malwarebytes Evaluation of the MITRE ENGENUITY ATT&CK Round 4 Emulations 

p>The results of the MITRE Engenuity ATT&CK Evaluation of the Wizard Spider and Sandworm adversaries were officially released1 last week. We are very proud of the Malwarebytes EDR results in the MITRE Engenuity test, which are the direct reflection of a relentless core EDR team and the learnings from participation in prior MITRE Engenuity testing rounds.
Publish At:2022-04-12 21:04 | Read:401635 | Comments:0 | Tags:Malwarebytes news

MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks

p>Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and possibly implement product configuration changes, all while staying abreast of the latest intelligence on new and evolving threats. For organizations that lack fully staffed, internal security teams, or sometimes even on
Publish At:2022-04-01 00:59 | Read:176345 | Comments:0 | Tags:Malwarebytes news Alert Quality Analytic Coverage EDR EDR pl

Phishers make a date with your calendar apps

p>Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They’ve been misused by bad actors for many years now, most commonly spamming unwary potential victims and leading them to bad times ahead. A brief history of cale
Publish At:2022-03-31 16:43 | Read:152784 | Comments:0 | Tags:Malwarebytes news calendar calendly microsoft phish phishing

Ukraine shuts down disinformation bot farm

p>Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G, the pandemic, vaccines, or invasions, there’s a lot out there. One of the biggest problems where bad information placed online is concerned is bot farms. A huge army of automated accounts sowing seeds of doubt and
Publish At:2022-03-31 05:35 | Read:183210 | Comments:0 | Tags:Malwarebytes news Bot bot farm disinformation farm farming l

Valorant cheats on YouTube are actually information-stealing malware

Valorant, the popular free-to-play team based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, and hunts for those passwords in browsers, cookies, a variety of cryptocurrency wallets, VPN clients, and ma
Publish At:2022-03-16 08:51 | Read:494185 | Comments:0 | Tags:Malwarebytes news aim-bot cheat comments discord fake scam v

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud