Last week on Malwarebytes Labs: LinkedIn scams are a “significant threat”, warns FBIDDoS-for-hire service provider jailedInternet Safety Month: 7 tips for staying safe online while on vacationClient-side Magecart attacks still around, but more covertSecurity vulnerabilities: 5 times that organizations got hackedYou can be tracked online using

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.Over a Dozen Flaws Found in Siemens’ Industrial Network Manag

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of informa

Last week on Malwarebytes Labs: Serious vulnerabilities found in ITarian software, patches available for SaaS productsUpdate Chrome now: Four high risk vulnerabilities foundTaking down the IP2Scam tech support campaignDon’t panic! “Unpatchable” Mac vulnerability discoveredIntroducing Malwarebytes Vulnerability Assessment for OneView: How to check for Comm

Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patch

Last week on Malwarebytes Labs: Update now! Nvidia released fixes for 10 flaws in Windows GPU driversChicago students lose data to ransomware attackersHunting down your data with Whitney Merrill: Lock and Code S03E11Unknown APT group has targeted Russia repeatedly since Ukraine invasionZero-day vulnerabilities in Chrome and Android exploited by commercial

If you’re on the hunt for cracked software or games, be warned. Rogue ISO archive files are looking to infect your systems with ChromeLoader. If you think campaigns such as this only target Windows users, you’d sadly be very much mistaken. The attack sucks in several operating systems and even uses mobiles as bait to draw in additional victims. Of PowerSh

Google has announced an update for the Chrome browser that includes 32 security fixes. The severity rating for one of the patched vulnerabilities is Critical. The stable channel was promoted to 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux. Critical Google rates vulnerabilities as critical if they allow an attacker to run arbi

Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organization recently. While the attackers are still unknown, Perc

Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scamVirtual credit cards coming to Chrome: What you need to knowClearview AI banned from selling facial recognition data in the USCyberattacks on SATCOM networks attributed to Russian threat actorsF5 BIG-IP vulnerability is now being used to disable serversCollege closes down after

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual cr

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the

The German Sparkasse bank has launched a browser that is especially designed to do your online banking. The browser called S-Protect is available for macOS and Windows users. The idea is interesting, since having a separate browser for banking can certainly add an extra layer of security. Separate browsers Unfortunately there is a low correlation fa

h2>Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The C

p>It’s that time of the month again. Time to check what needs to be updated and prioritize where necessary. The Microsoft updates include at least two zero-day vulnerabilities that deserve your attention. Microsoft Microsoft has released security updates and non-security updates for client and server versions of its Windows operating system and other c