Categories: Exploits and vulnerabilities Categories: News Tags: Chinese APT Tags: advanced persistent threat Tags: APT Tags: CISA Tags: NSA Tags: FBI Tags: security advisory CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsorted threat actors from China. |
The post Chinese APT’s favorite vulnerabilities revealed appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Android Tags: Samsung Tags: Xiaomi Tags: Adobe Tags: SAP Tags: VMWare Tags: Fortinet Tags: CVE-2022-41033 Tags: CVE-2022-41040 Tags: zero-day No fix for ProxyNotShell |
The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: Qualcomm Tags: WLAN Tags: CVE-2022-25720 Tags: CVE-2022-25718 Tags: CVE-2022-25748 Tags: CVE-2022-20419 Tags: ActivityManager Google has issued patches for 42 vulnerabilities, including four marked critical |
The post Android vulnerabilities could allow arbitrary code execution appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: ProxyShell Tags: remote PowerShell Tags: web shell Tags: CVE-2022-41040 Tags: CVE-2022-41082 Tags: SSRF Tags: RCE Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers |
The post [updated]Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Atlassian Tags: Bitbucket Tags: git Tags: CVE-2022-36804 Tags: RCE Tags: read permission International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center |
The post Actively exploited vulnerability in Bitbucket Server and Data Center appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: ProxyShell Tags: remote PowerShell Tags: web shell Tags: CVE-2022-41040 Tags: CVE-2022-41082 Tags: SSRF Tags: RCE Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers |
The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News The critical CVE-2022-35405 flaw affects several Zoho ManageEngine products. Federal and private organizations must patch now! |
The post Flaw in some ManageEngine apps is being actively exploited, says CISA appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: WhatsApp Tags: CVE-2022-36934 Tags: CVE-2022-27492 Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device. |
The post Critical WhatsApp vulnerabilities patched: Check you’ve updated! appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Medtronic, an insulin pump company, notified its users of a potential risk of attack due to a flaw in its pump’s communication protocol. |
The post Medtronic’s MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-40959 Tags: CVE-2022-40960 Tags: CVE-2022-40962 Tags: CVE-2022-3033 Tags: Mozilla Tags: Firefox Tags: Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system. |
The post Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities appeared first on Malwarebytes Labs.
Read more