Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike.
At the time of discovery, the unsecured Microsoft Azure Blob contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International.
Opening a website with an embedded YouTube video potentially allowed miscreants to access a user’s viewing history, favorites, and playlists.
The security bug – which earned a modest $1,337 bounty from Google – was uncovered by security researcher David Schutz, who went public with his findings earlier this week through a detailed technical blog post.
These buffer overflow or invalid dereference vulnerabilities "could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user."
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.
The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
Cyber-security firm Symantec said it identified another malware strain that was used during the SolarWinds supply chain attack, bringing the total number to four, after the likes of Sunspot, Sunburst (Solorigate), and Teardrop.
At least 28 backdoor accounts and several other vulnerabilities have been discovered in the firmware of a popular FTTH ONT router, widely deployed across South America and Southeast Asia.
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.
Thirty-five percent of breaches were linked to ransomware attacks, resulting in tremendous financial cost, while 14 percent of breaches were the result of email compromises, according to an analysis of breach data by cyber exposure company Tenable’s Security Response Team (SRT) from January through October last year.
Malware authors have been widely adopting open source security tools for cybercrime operations. Recently, Recorded Future released a report on the use of malicious C&C infrastructure throughout 2020 by tracking more than 10,000 C&C servers across more than 80 malware strains.