Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that r

The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking.The ransomware's developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform.BleepingComputer downloaded the archive and confirmed that the decryptors

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022."Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.The 103.0.5060.1

Image: Xiangkun ZHU/BleepingComputerAn anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).The announcement was posted on a hacker forum by someone using the handle 'ChinaDan,' saying that the information was

The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django is maintained by the independent organization Django Software Foundation. The latest releases of the

The Django project, an open source Python-based web framework has patched a high severity vulnerability in its latest releases.Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued tod

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday.Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.The YouTube account was seen airing "Ark Invest" live streams featuring an older Elon Musk clip to mislead users into visiting

Last week on Malwarebytes Labs: Ransomware review: June 2022AstraLocker 2.0 ransomware isn’t going to give you your files backYTStealer targets YouTube content creatorsZuoRAT is a sophisticated malware that mainly targets SOHO routersAmazon Photos vulnerability could have given attackers access to user files and dataCriminals are applying for remote work

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).Faster breach detectionToday’s cyber threat landscape is extremely

Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation s

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of M

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automat

Microsoft has introduced a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.After enabling the new Mobile Network Protection feature on Android and iOS devices you want to monitor, the enterprise endpoint security platform will provide pr

Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.Stalkerware is software explicitly created to spy on people via their smartphones by monitoring their whereabouts, communications, photos, browsing history, and more

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.At least 10 websites managed by Gol Tours LTD in Israel have been been shut down following a notification from the agency about fixing th