Zero-Day

IndependentKrebs

3CX Breach Was a Double Supply Chain Compromise

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Read More
MalwareBytesSecurity

Rubrik is latest victim of the Clop ransomware zero-day campaign

Categories: News

Categories: Ransomware

Tags: Rubrik

Tags: GoAnywhere MFT

Tags: Fortra

Tags: Clop ransomware

Tags: Clop

Tags: ransomware

Tags: CVE-2023-0669

Tags: zero-day

Rubrik, a cloud data management company, has revealed that Clop made use of an infamous GoAnywhere flaw.

(Read more…)

The post Rubrik is latest victim of the Clop ransomware zero-day campaign appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities

Categories: News

Tags: wormable

Tags: zero-day

Tags: spring4shell

Tags: cve-2022-34718

Tags: log4j

Tags: openssl

Tags: cve-2022-36934

Tags: cve-2022-27492

Tags: cve-2022-22965

Tags: cve-2022-22963

What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022?

(Read more…)

The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Read More