|Magecart Group 12 is still alive and well in the latest attack against popular brand Segway.
Categories: Threat Intelligence
Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion
This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which…
|The latest mishap in NFT land has come to light, in the shape of bad planning and the slowly shifting impermanence of link ownership.
|Microsoft says that all Excel 4.0 (XLM) macros will now be disabled by default.
The post Microsoft is now disabling Excel 4.0 macros by default appeared first on Malwarebytes Labs.
|QR codes have become an essential part of contactless payments during the pandemic. But criminals are taking advantage of this.
|We look at trouble in Dark Souls land after PvP servers were turned off to combat what looked like a nasty exploit.
The post Dark Souls servers taken offline over hacking fears appeared first on Malwarebytes Labs.
I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they’ve been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using p…
|The most important and interesting security stories from the last seven days.
Categories: A week in security
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users.
The instances of token fraud in the wild include hiding 99% fee functions and conce…