Alerts

Stay updated with CyberLabs’ latest news alerts covering critical cybersecurity incidents, breaking threats, and important industry developments that matter to your digital safety.

Cybersecurity Architecture
Massive DDoS attack mitigated
Massive DDoS attack mitigated

16 Jun 2022

Internet infrastructure organization Cloudflare stated that they mitigated a record breaking 26 million request per second distributed denial-of-service (DDoS) attack, yesterday. This is the biggest HTTPS DDoS attack detected to date. This attack took place last week and targeted one of Cloudflare’s clients using the Free plan.

Read More
Apple blocks many Applications from defrauding Users
Apple blocks many Applications from defrauding Users

7 Jun 2022

It has been stated byApple Incthat over the course of last week that more than 343,000 iOS apps were blocked by the App Store App Review team for privacy concerns and violations last year, while another 157,000 were rejected for attempting to be legit apps to mislead or spam iOS users. The corporation also said that they blocked over 34,500 applications from getting indexed on the App Store because they were using undocumented or hidden features. 155,000 more apps were also removed for bait-and-switch tactics, such as adding new features or capabilities after approval.

Read More
Follina-A severe Zero-Day Code Execution Vulnerability
Follina-A severe Zero-Day Code Execution Vulnerability

2 Jun 2022

May of 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability became known and was dubbed “Follina,” and can be exploited by any threat actor sending a URL to a vulnerable and unprotected machine. If the exploitation is a success it will allow the attacker to install programs, view or change data or create new accounts in line with the victim’s user permissions. The vulnerability has no CVE and CVSS as well. While the exploitation requires no user interaction it works with macros disabled. It uses the MS-Word remote template feature to retrieve a HTML file from a remote webserver, which in turn leverages the ms-msdt MSProtocol URI scheme to load some code and execute certain PowerShell commands.

Read More
Critical bugs in Android apps from major Mobile providers
Critical bugs in Android apps from major Mobile providers

1 Jun 2022

Security researchers at Microsoft have detected high severity vulnerabilities in a framework used by Android apps from multiple major international mobile service providers.

Read More
Verizon suffers Ransomware Attack
Verizon suffers Ransomware Attack

30 May 2022

A database was stolen from Verizon was stolen by an attacker, that includes full name, email address, corporate ID numbers and contact numbers of Verizon employees. However, it is unsure that all the data mentioned above is up to date or accurate. It was confirmed by Motherboard, that at least some of the information is in fact correct, by calling the numbers in the database. Few have in fact confirmed their details and said they they work for Verizon. The hacker also contacted Motherboard last week to share the details. The anonymous threat actor said they obtained the data by convincing one of Verizon’s own employees to give remote access to their corporate computer.

Read More
A Malware through documents
A Malware through documents

23 May 2022

According to threat analysts it has been found a recent malware circulation campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. The fact that PDF was chosen for distribution is quite unusual as most malicious and phishing emails that arrives include DOCX or XLS attachments laced with malware infecting macrocode. But as users become more aware of social engineering attacks and suspicious attachments, threat actors switch to various other methods to do the dirty work by deploying malicious macros and evade detection.

Read More
Eternity Malware-as-a-Service
Eternity Malware-as-a-Service

14 May 2022

It has been found that cybercriminals are now promoting a new modular, malware-as-a-service offering that allows wanna-be threat actors to choose from cornucopia of threats aTelegram channelthat to date has more than 500 subscribers. The new malware service, dubbed the Eternity Project by the hackers behind it. This allows them to target potential victims with a customized threat offering based on individual modules they can buy for prices ranging from $90 to $490. It includes; a stealer, a clipper, worm, and ransomware depending on the type of attack a threat actor wants to release. Developers behind this are also working on a future module that offers distributed denial of service (DDoS) bots.

Read More
Xbox goes down
Xbox goes down

9 May 2022

It was reported by Microsoft that Xbox Live services are currently down in a major outage, impacting users worldwide and preventing everyone from launching or buying games. As per user reports, the online gaming platform has been out for at least 3 hours, blocking everyone from playing both offline and cloud games. “We’re aware that some users are unable to purchase games, launch games or start Cloud Gaming sessions. Our teams are investigating,” the Xbox Support stated. The Xbox status page claims Xbox services impacted include games and gaming, cloud gaming, remote play and store and subscriptions. This unfortunate outage affected multiple platforms and it applies toXbox Series X|S, Xbox One consoles, Android devices, Apple devices, Xbox on Windows and cloud gaming.

Read More
A threat to Twitter verified account owners
A threat to Twitter verified account owners

5 May 2022

Phishing scams as we all know continue to target verified account owners on social media platforms, recently verified Twitter accounts with emails designed to steal account credentials have been discovered in ongoing campaigns conducted by threat actors. Verified accounts on twitter are set apart, and can be found as it is designated by a blue tick sign next to the name this indicates the account is either a notable influencer, celebrity, politician, activist, journalist, government and private organizations. To receive this “badge of honor”, Users must apply forapply for verification, which entails submitting additional information, including ID cards, website references and other reasons to make the account “notable.”

Read More
Black Basta in Action
Black Basta in Action

28 Apr 2022

A brand new ransomware gang known asBlack Bastahas swiftly catapulted in to action in the month of April, threatening at least 12 companies in just few weeks. The 1st known attack from the gang took place in the 2nd week of April, as the operation rapidly began attacking and breaching companies around the world. Ransom demands vary between victims, it was reported that one of the victims were demanded over $2 million from the Black Basta gang to decrypt files and shut down the leaking of data. Not many information has been found about this gang, as they have not begun publicly marketing their operation or recruiting affiliates on various hacking forums.

Read More
When mute is really not MUTED?
When mute is really not MUTED?

18 Apr 2022

According to a new study and research it has been found that pressing the mute button on some of the popular video conferencing apps may not actually work like they should, as the apps could still listen in on the microphone. To be specific, the study shows that in the software when mute is enabled it does not prevent audio from being transmitted to the respective applications’ servers continually or periodically. Therefore, users would not know how the mute system works due to this information piece being cut out from the privacy policy document and unfortunately assuming that the audio input is paused when mute is pressed.

Read More
What if you’re being watched without your knowledge?
What if you’re being watched without your knowledge?

30 Mar 2022

A vulnerability/flaw in the ‘Wyze’ camera lets hackers watch your saved content!

Read More