Credit to Author: Jon Clay| Date: Fri, 28 Jan 2022 00:00:00 +0000
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read the third installment of Trend Micro’s Codex series. Also, read about the White House’s latest zero-trust approach to its cybersecurity strategy.
Read moreCredit to Author: Pieter Arntz| Date: Thu, 27 Jan 2022 21:56:12 +0000
 | |
| Apple has patched two zero-day vulnerabilities that were being used in the wild. Users are advised to update as soon as they can. Categories: Exploits and vulnerabilities Tags: IOMobileFrameBufferiOSiPadOSmacOSMonterey |
The post Update now! Apple patches another actively used zero-day appeared first on Malwarebytes Labs.
Read more
Credit to Author: Greg Young| Date: Fri, 28 Jan 2022 00:00:00 +0000
How can CISOs manage remote work security? Explore 3 tips to secure networks, endpoints, and users.
Read moreCredit to Author: Christopher Boyd| Date: Thu, 27 Jan 2022 21:44:42 +0000
 | |
| In one day’s time, Let’s Encrypt will begin revoking a number of mis-issued certificates. Check now if you’re affected Categories: Privacy Tags: certificatesecuritySSLTLSwebsite |
The post Let’s Encrypt to revoke “mis-issued” certificates appeared first on Malwarebytes Labs.
Read more
Credit to Author: Melanie Tafelski| Date: Fri, 28 Jan 2022 00:00:00 +0000
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements of a true cloud native application.
Read moreCredit to Author: Threat Intelligence Team| Date: Thu, 27 Jan 2022 16:20:16 +0000
 | |
| How one of North Korea’s most sophisticated APTs tries to avoid detection by using legitiate tools during its attacks. Categories: Threat Intelligence |
The post North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign appeared first on Malwarebytes Labs.
Read more
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Credit to Author: Pieter Arntz| Date: Thu, 27 Jan 2022 12:17:12 +0000
 | |
| Ransomware attackers are starting to reach out to individuals whose data they have compromised in a breach, asking them to help get the compromised company to pay up. Categories: Ransomware Tags: cisaDark Webexfiltrated dataidentity protectioninsider threatlockbitransomwareschool district |
The post Ransomware gangs are recruiting breached individuals to persuade companies to pay up appeared first on Malwarebytes Labs.
Read more
Credit to Author: Nitesh Surana| Date: Thu, 27 Jan 2022 00:00:00 +0000
Explore how to detect Apache Log4j (Log4Shell) vulnerabilities using cloud-native security tools.
Read moreCredit to Author: Christopher Boyd| Date: Thu, 27 Jan 2022 11:43:49 +0000
 | |
| A researcher discovered a way to gain control of both webcams and any open session in Safari. How did they do it? Categories: Exploits and vulnerabilities Tags: ApplemacOSpopupsafariURIurlUXSS |
The post Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs appeared first on Malwarebytes Labs.
Read more