Credit to Author: Angela Gunn| Date: Thu, 14 Jul 2022 08:01:51 +0000
Ngrok is a legitimate remote-access tool. It is regularly abused by attackers, who use its capabilities and reputation to maneuver while bypassing network protections. This incident guide shows Security Operations Centers (SOCs) and response teams how to detect and respond to the suspicious presence or use of ngrok on the network.
Read moreCredit to Author: Marcin Kleczynski| Date: Wed, 13 Jul 2022 21:16:17 +0000
2022 is shaping up to be another banner year for ransomware, which continued to dominate the threat landscape in Q2.
The post Ransomware rolled through business defenses in Q2 2022 appeared first on Malwarebytes Labs.
Read more
Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2021.
Credit to Author: Emma Jones| Date: Wed, 13 Jul 2022 17:00:00 +0000
Competition for talent has increased pressure to lead in the digital space, and business decisions now weigh user experience for employees heavily among costs and benefits. Workers insist on experiences that mirror their personal experience, often on their own device.
The post Microsoft recognized as a Leader in UEM Software 2022 IDC MarketScape reports appeared first on Microsoft Security Blog.
Read more
Credit to Author: Paul Ducklin| Date: Wed, 13 Jul 2022 16:46:14 +0000
Last time they arrived 28 minutes after lighting up their fake domain… this time it was just 21 minutes
Read moreCredit to Author: Threat Intelligence Team| Date: Wed, 13 Jul 2022 16:17:09 +0000
While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group.
The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.
Read moreCredit to Author: Paul Oliveria| Date: Wed, 13 Jul 2022 16:00:00 +0000
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.
The post Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 appeared first on Microsoft Security Blog.
Read moreCredit to Author: Christopher Boyd| Date: Wed, 13 Jul 2022 15:09:44 +0000
We take a look at warnings of malware-infested WhatsApp downloads offered outside of the Google Play store.
The post WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info appeared first on Malwarebytes Labs.
Read more
Credit to Author: Varsha Bansal| Date: Tue, 12 Jul 2022 17:01:51 +0000
Nonprofit donors had their information given to law enforcement without consent, highlighting limited data protections in the world’s largest democracy.
Read moreCredit to Author: Pieter Arntz| Date: Wed, 13 Jul 2022 12:21:53 +0000
July’s Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS.
The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.
Read more