Malwarebytes Unpacked - RSS Feed

The Security Blog From Malwarebytes

Latest articles

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and Linux systems. Background ...

Car owners warned of another theft-enabling relay attack

Tesla owners are no strangers to seeing reports of cars being tampered with outside of their control. Back in 2021, a zero-click exploit aided a drone in taking over the car’s entertainment system. In 2016, we had a brakes and doors issue. 2020 saw people rewriting key-fob firmware via Bluetooth. Andin January this year, a teen claimed he had managed...

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read flaw makes it possible to manipulate...

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of...

Long lost @ symbol gets new life obscuring malicious URLs

Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organization recently. While the attackers are still...

AirTag stalking: What is it, and how can I avoid it?

More voices are being raised against the use of everyday technology repurposed to attack and stalk people. Most recently, it’s reported that Ohio has proposed a new bill in relation to electronic tagging devices. The bill, aimed at making short work of a loophole allowing people with no stalking or domestic violence record to use tracking...

“Look what I found here” phish targets Facebook users

Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk of account compromise is ever-present. Phishing is not...

Why MRG-Effitas matters to SMBs

When selecting the right cybersecurity vendor to protect their operations, small- and medium-sized businesses (SMBs) can lean on several third-party research organizations that analyze which cybersecurity products can best prevent, detect, and clean up various types of cyberattacks today. But these tests can sometimes assume a level of end-user...

How COVID-19 fuelled a surge in malware

2021 saw a massive surge in detections of malware, adware, and Potentially Unwanted Programs (PUPs). It didn’t matter what the computers were used for or what operating system they ran—across business and home computers, on Windows and on Mac, detections went up, enormously. Detections of malware on Windows business machines were 143% higher...

Fake reCAPTCHA forms dupe users via compromised WordPress sites

Researchers at Sucuri investigated a number of WordPress websites complaining about unwanted redirects and found websites that use fake CAPTCHA forms to get the visitor to accept web push notifications. These websites are a new wave of a campaign that leverages many compromised WordPress sites. CAPTCHA CAPTCHA (“Completely Automated...

Discover, share and read the best on the web

Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!