A Closer Look at Windows Kernel Threats

Credit to Author: Sherif Magdy | Date: Mon, 19 Dec 2022 00:00:00 +0000

In this blog entry, we discuss why malicious actors choose to pursue, or opt not to pursue, kernel-level access in their attacks. We also provide an overview of kernel-level threats that have been publicly reported from April 2015 to October 2022.

Improve Cyber Security Posture with 2023 Predictions

Credit to Author: Jon Clay | Date: Mon, 19 Dec 2022 00:00:00 +0000

If a stronger cyber security posture is one of your organization’s new year’s resolutions, focus on what matters with these five essential highlights from the Trend Micro Security Predictions for 2023.

InfraGard infiltrated by cybercriminal

Categories: News

Tags: InfraGard, FBI, critical infrastructure, data breach, USDoD, Breach, escrow service

A partnership between the FBI and private sector members established to protect US critical infrastructure, called InfraGard, was infiltrated by a cybercriminal.

The post InfraGard infiltrated by cybercriminal appeared first on Malwarebytes Labs.

Virtual kidnapping scam strikes again. Spot the signs

Categories: News

Tags: virtual kidnapping, kidnap, scam, fake, fraud, ransom, victim, wire transfer, digital payment, venmo, cashapp, social engineering, phone call, mobile, relative

A recent scam has been making the rounds that attempts to fool you into thinking a loved one has been kidnapped.

The post Virtual kidnapping scam strikes again. Spot the signs appeared first on Malwarebytes Labs.

Update now! Apple patches active exploit vulnerability for iPhones

Categories: Exploits and vulnerabilities, News

Tags: Apple, iOS 16.1.2, Safari 16.2, CVE-2022-42856, type confusion

Apple has released new security content for iOS 16.1.2 and Safari 16.2 to fix a zero-day security vulnerability that was actively exploited.

The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.

Patch Tuesday: Two zero-day flaws in Windows need immediate attention

Microsoft’s December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network-focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

Jamf Protect adds powerful telemetry to protect Mac enterprise

Security and privacy go hand in hand in the connected enterprise. So as we approach the holiday break, there’s good news for security-conscious Mac-using enterprises from Jamf: powerful new telemetry tools in Jamf Protect.

Because complex security is sexy

We know that enterprise users don’t just have a responsibility to keep things secure, they also need to prove they’re doing so. Beyond that, many regulated industries must maintain ever more complex security event logging and insight to show how hard they’re working to protect their systems.
