Update now! Apple patches vulnerabilities in MacOS and iOS

Categories: Apple

Categories: Exploits and vulnerabilities

Tags: Apple

Tags: macOS Ventura

Tags: 13.2.1

Tags: iOS

Tags: iPadOS

Tags: 16.3.1

Tags: CVE-2023-23514

Tags: CVE-2023-23522

Tags: CVE-2023-23529

Tags: use after free

Tags: type confusion

Apple has released patches for macOS Ventura, iPadOS, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild.


The post Update now! Apple patches vulnerabilities in MacOS and iOS appeared first on Malwarebytes Labs.


[update]Two year old vulnerability used in ransomware attack against VMware ESXi

Categories: Exploits and vulnerabilities

Categories: News

Categories: Ransomware

Tags: VMware

Tags: ESXi

Tags: Nevada

Tags: ransomware

Tags: Linux

Tags: CVE-2021-21974

Over the weekend, several CERTs warned about ongoing ransomware attacks against unpatched VMware ESXi virtual machines.


The post [update]Two year old vulnerability used in ransomware attack against VMware ESXi appeared first on Malwarebytes Labs.


Two year old vulnerability used in ransomware attack against VMware ESXi

Categories: Exploits and vulnerabilities

Categories: News

Categories: Ransomware

Tags: VMware

Tags: ESXi

Tags: Nevada

Tags: ransomware

Tags: Linux

Tags: CVE-2021-21974

Over the weekend, several CERTs warned about ongoing ransomware attacks against unpatched VMware ESXi virtual machines.


The post Two year old vulnerability used in ransomware attack against VMware ESXi appeared first on Malwarebytes Labs.


Update vRealize now! VMware patches critical RCE vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: vRealize

Tags: VMware

Tags: CVE-2022-31706

Tags: CVE-2022-31704

Tags: CVE-2022-31702

Tags: path traversal

Tags: directory traversal

Tags: broken access control

VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs.


The post Update vRealize now! VMware patches critical RCE vulnerabilities appeared first on Malwarebytes Labs.


Own an older iPhone? Check you’re on the latest version to avoid this bug

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: iOS 12.5.7

Tags: CVE-2022-42856

Tags: type confusion

Tags: WebKit

Apple has now released security content for iOS 12.5.7, which includes a patch for an actively exploited vulnerability in WebKit and many other updates.


The post Own an older iPhone? Check you’re on the latest version to avoid this bug appeared first on Malwarebytes Labs.


Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zoho

Tags: ManageEngine

Tags: PoC

Tags: RCE

Tags: CVE-2022-47966

Tags: CVE-2022-35405

Tags: SAML

Tags: Apache Santuario

Proof-of-concept code is about to be released for a vulnerability in many ManageEngine products which could enable RCE with SYSTEM privileges.


The post Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability appeared first on Malwarebytes Labs.


Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: CVE-2023-21674

Tags: ALPC

Tags: CVE-2023-21743

Tags: SharePoint

Tags: CVE-2023-21563

Tags: BitLocker

The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges.


The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.


Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

Categories: Exploits and vulnerabilities

Categories: News

Tags: Synology

Tags: VPN Plus Server

Tags: CVE-2022-43931

Tags: out-of-bounds write

Synology has patched a critical vulnerability in the Remote Desktop feature of VPN Plus Server.


The post Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10 appeared first on Malwarebytes Labs.


4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities

Categories: News

Tags: wormable

Tags: zero-day

Tags: spring4shell

Tags: cve-2022-34718

Tags: log4j

Tags: openssl

Tags: cve-2022-36934

Tags: cve-2022-27492

Tags: cve-2022-22965

Tags: cve-2022-22963

What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022?


The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.
