News, Tips, Security Lab
TrickBot Members Sanctioned By U.S. and UK
US and UK law enforcements imposed sanctions against 7 members of a cybercrime gang that stands after TrickBot malware, including…
Hackers Published an Exploit for a Dangerous Vulnerability in GoAnywhere MFT
Hackers published on the network an exploit for a zero-day vulnerability that is actively used in the GoAnywhere MFT administration…
ESXiArgs Ransomware Launches Massive Attacks on VMware ESXi Servers
Hosting providers and the French CERT warn that more than 3,200 VMware ESXi servers were compromised by the new ESXiArgs…
IceBreaker Backdoor Emerged, Exploiting New Phishing Way
A new player has appeared in cyberspace, with surprisingly new methods. A previously unknown group attacked gambling and online gaming…
Dangerous RCE Vulnerability in GTA Online Fixed
Rockstar Games has finally released a patch for a dangerous RCE vulnerability in GTA Online that allowed loss of game…
Hackers used Firefox extension to hack Gmail
Proofpoint discovered a campaign in which hackers used a Firefox extension to hack Gmail. The attacks were linked to the Chinese group TA413. According to the researchers, the campaign was…
In LastPass for Android found seven built-in trackers
German cybersecurity expert Mike Kuketz noticed that the LastPass Android app has seven trackers that monitor users. The researcher builds his findings on the report of the non-profit organization Exodus,…
For old school lovers: WACUP has fixed many bugs in Winamp
Bleeping Computer drew attention to an interesting project WACUP, which fixed bugs in the old school and nostalgic player Winamp. The Winamp Community Update Project (WACUP) is run by former…
A special version of Flash for China turned into adware
Many users and cybersecurity specialists have discovered that a special version of Flash for China has turned into adware. As you know, at the beginning of 2021, support for Adobe…
Clubhouse user dialogs leaked to a third-party site
The social network Clubhouse said that the dialogs of some of its users, who were in a closed room, leaked to a third-party site. The reason for this was a…
Discovery of XSS vulnerability on iCloud website brought expert $5,000
Vishal Bharad, an Indian bug hunter and pentester, explained in a blog post, how he discovered an XSS vulnerability on iCloud.com. Initially, the researcher searched the site for vulnerabilities related…
Microsoft: SolarWinds Hackers Stole Source Codes of Azure, Exchange and Intune Components
Microsoft experts announced that they have completed an official investigation of the attack, and told what exactly SolarWinds hackers were able to steal. The company reiterated that it was found…
Netherlands police posted warnings on hacker forums
The Netherlands police posted warnings on popular Russian and English hacker forums (RaidForums and XSS), stating that “the deployment of criminal infrastructure in the Netherlands is hopeless.” The messages were…
Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites
Confiant experts report that malicious ads have been abusing a zero-day vulnerability in WebKit browsers engine (CVE-2021-1801) since last year, and although the patches were released in early February, attacks…
Microsoft Says Over 1,000 Developers Worked on SolarWinds Attack
In an interview with CBSNews, Microsoft President Brad Smith said the recent attack on SolarWinds was “the largest and most sophisticated he has ever seen.” According to him, the analysis…
Telegram for macOS did not delete self-destructing videos
Telegram developers have fixed a bug due to which self-destructing audio and video were not removed from devices running macOS. Let me remind you that in the secret chat mode,…
Microsoft warns of growing number of cyberattacks using web shells
Microsoft has warned of an increase of cyberattacks using web shells. Cybercriminals often use web shells to secure their presence on compromised networks. Compared to last year, the average monthly…