Tag
Categories: Podcast This week on Lock and Code, we revisit an earlier conversation with a Bay Area teenager about the hardest parts about growing up online. (Read more...) The post Re-air: What teenagers face growing up online: Lock and Code S04E19 appeared first on Malwarebytes Labs.
A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have," Zscaler
Categories: Personal Tags: google Tags: chrome Tags: website Tags: API Tags: Topics Tags: tracking Tags: ads Tags: adverts Tags: cookies We take a look at a Chrome popup related to Topics API, which you may be seeing in the near future. (Read more...) The post Chrome's "Enhanced Ad Privacy": What you need to know appeared first on Malwarebytes Labs.
Plus: Apple patches newly discovered flaws exploited by NSO Group spyware, North Korean hackers target security researchers, and more.
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
Event Ticketing System version 1.0 suffers from a cross site scripting vulnerability.
Drupal version 10.1.2 appears to suffer from web cache poisoning due to a server-side request forgery vulnerability.
TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities.