Blogs

Stay informed with CyberLabs’ expert-written blogs featuring the latest cybersecurity insights, practical tips, and deep dives into emerging threats and technologies.

Cybersecurity Architecture
Microsoft January 2023 Patch Tuesday
Microsoft January 2023 Patch Tuesday

12 Jan 2023

On 11th January 2023 was the January Patch Tuesday, and a zero-day vulnerability and 98 flaws were fixed. 11 Critical in Severity 87 Important in Severity The vulnerabilities are, 39 Elevation of Privilege Vulnerabilities 4 Security Feature Bypass Vulnerabilities 33 Remote Code Execution Vulnerabilities 10 Information Disclosure Vulnerabilities 10 Denial of Service Vulnerabilities 2 Spoofing […]

Read More
Google to Resolve User Location Tracking Lawsuits
Google to Resolve User Location Tracking Lawsuits

3 Jan 2023

In order to resolve two lawsuits launched by Indiana and Washington, D.C. about its “deceptive” location monitoring methods, Google has agreed to pay a total of $29.5 million. WIN: My office reached a settlement with Google requiring the company to pay $9.5 million for deceiving and manipulating consumers—including by using “dark patterns” to trick users […]

Read More
LastPass admits on password vaults been stolen
LastPass admits on password vaults been stolen

27 Dec 2022

On 22nd December 2022 LastPass revealed that after entering its cloud storage earlier this year using data acquired during an incident in August 2022, attackers took customer vault data. “we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022. […]

Read More
Client-side encryption for Gmail for workspace
Client-side encryption for Gmail for workspace

20 Dec 2022

Google recently revealed that it is extending customer access to client-side encryption in Gmail online. Customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard can enroll for the beta program through January 20th, 2023. It’s still not available for google private accounts. However, it is already available for already available for users of […]

Read More
Multiple Chrome extensions uses Browser Hijackers
Multiple Chrome extensions uses Browser Hijackers

8 Dec 2022

Around two million users were found to have been infected by browser hijackers employing malicious Chrome extensions. An unwanted program known as a “browser hijacker” changes a web browser’s settings without the user’s knowledge in order to insert adverts and replace the default search engine with a different one. Installing the “webSecurerr Browser Protection” extension […]

Read More
Phishing Campaign Targets Black Friday Season
Phishing Campaign Targets Black Friday Season

1 Dec 2022

A continuous spear-phishing attack that takes advantage of Black Friday and Cyber Monday has been detected by security provider Avanan. Threat actors impersonate order confirmation notices and entice victims to try refunds, which directs them to pages that collect credentials. The phishing email, “Looks like a standard shipment notification. It shows an order confirmation, as […]

Read More
Twitter verified account targeted in Phishing Campaigns
Twitter verified account targeted in Phishing Campaigns

22 Nov 2022

Twitter is now charging $8 a month for Twitter Blue and account verification. With this many phishing emails targeting verified users started flooding. pic.twitter.com/BYOBGBHOUA — Elon Musk (@elonmusk) November 2, 2022 A new report on numerous phishing operations with a blue badge subscription theme that target Twitter-verified users. Paid users can expect to receive “Priority […]

Read More
800,000 Malaysian Voters Compromised
800,000 Malaysian Voters Compromised

17 Nov 2022

The news organization New Straits Times announced on November 11, 2022, that there had allegedly been a data breach involving 800,000 Malaysian voters’ personal data. “Another data breach has allegedly occurred in Malaysia, this time involving the personal details of 800,000 voters. The 67gb data breach is supposedly from the Election Commission database which is […]

Read More
Daixin Team the ransomware and data extortion group Targets Healthcare Sector
Daixin Team the ransomware and data extortion group Targets Healthcare Sector

10 Nov 2022

The US Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services jointly issued an advisory on October 21, 2022, alerting the public to the fact that since June 2022, the cybercrime group Daixin Team has been actively targeting US businesses, primarily in the healthcare and public […]

Read More
Microsoft Storage Location Expose Customers’ Information
Microsoft Storage Location Expose Customers’ Information

1 Nov 2022

One of Microsoft clients’ critical data was exposed due to a storage server configuration error, according to Microsoft Corporation. The misconfiguration, as for the investigation, permitted unauthorized access to some business transaction data from contacts between Microsoft and customers, including planning and provisioning client services. The international IT company safeguarded its server after getting the […]

Read More
Throughout Europe, Russian spoofing campaigns are disseminating false information on Ukraine
Throughout Europe, Russian spoofing campaigns are disseminating false information on Ukraine

25 Oct 2022

A significant amount of social media posts and accounts that were spoofing Russian information was taken down by Meta’s security team in September 2022. The disinformation effort using fake websites, according to Meta, was the largest and most intricate Russian operation since the start of the war in Ukraine. The researchers saw a huge network […]

Read More
Malware for Windows SideWalk adapted for Linux
Malware for Windows SideWalk adapted for Linux

6 Oct 2022

It was discovered that a Linux version of the SideWalk backdoor had been developed, allegedly by the state-sponsored organization SparklingGoblin in China (Earth Baku). The SideWalk is a multipurpose backdoor that leverages Cloudflare as its command-and-control (C2) server and Google Docs as a dead-drop resolver. It can also load new modules that are transmitted from […]

Read More