Exploits and vulnerabilities – Page 18

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

August 17, 2022 0 Comments authentication, cve-2022-27925, cve-2022-37042, Exploits and vulnerabilities, news, rce, web shell, zimbra, zvs

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZVS

Tags: cve-2022-27925

Tags: web shell

Tags: cve-2022-37042

Tags: authentication

Tags: RCE

Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers

MalwareBytes Security

Researchers found one-click exploits in Discord and Teams

August 15, 2022 0 Comments discord, electron, electronjs, Exploits and vulnerabilities, log4j, log4shell, microsoftteams, news, nodejs, spotify, v8 chrome

Categories: Exploits and vulnerabilities

Categories: News

Tags: Discord

Tags: Spotify

Tags: MicrosoftTeams

Tags: Electron

Tags: ElectronJS

Tags: NodeJS

Tags: V8 Chrome

Tags: Log4Shell

Tags: Log4j

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others

MalwareBytes Security

Thousands of Zimbra mail servers backdoored in large scale attack

August 12, 2022 0 Comments authentication, cve-2022-27925, cve-2022-37042, Exploits and vulnerabilities, news, rce, web shell, zimbra, zvs

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZVS

Tags: cve-2022-27925

Tags: web shell

Tags: cve-2022-37042

Tags: authentication

Tags: RCE

Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers

MalwareBytes Security

Slack flaw exposed users’ hashed passwords

August 11, 2022 0 Comments Exploits and vulnerabilities

Categories: Exploits and vulnerabilities

Slack was exposing user passwords for years. The bug has been swatted and the affected users informed.

(Read more…)

The post Slack flaw exposed users’ hashed passwords appeared first on Malwarebytes Labs.

MalwareBytes Security

Update now! Microsoft fixes two zero-days in August’s Patch Tuesday

August 11, 2022 0 Comments Adobe, Android, Cisco, cve-2022-24477, cve-2022-24516, cve-2022-30133, cve-2022-30134, cve-2022-34713, cve-2022-34715, cve-2022-35743, dogwalk, exchange, Exploits and vulnerabilities, Google, Microsoft, msdt, news, nfs, Patch Tuesday, ppp, sap, vmware

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: patch Tuesday

Tags: MSDT

Tags: NFS

Tags: PPP

Tags: Exchange

Tags: CVE-2022-34713

Tags: CVE-2022-35743

Tags: DogWalk

Tags: CVE-2022-30134

Tags: CVE-2022-24477

Tags: CVE-2022-24516

Tags: CVE-2022-30133

Tags: CVE-2022-34715

Tags: Adobe

Tags: Cisco

Tags: Google

Tags: Android

Tags: SAP

Tags: VMWare

Patch Tuesday for August 2022 has come around. We take a look at the most important vulnerabilities that Microsoft’s fixed and a brief look at what other vendors did.

MalwareBytes Security

Patch now! Cisco VPN routers are vulnerable to remote control

August 7, 2022 0 Comments Cisco, cve-2022-20827, cve-2022-20841, cve-2022-20842, Exploits and vulnerabilities, input validation, vpn routers

Credit to Author: Pieter Arntz| Date: Sun, 07 Aug 2022 11:14:14 +0000

Cisco has released a security advisory about some serious security vulnerabilities in multiple Cisco small business VPN routers.

The post Patch now! Cisco VPN routers are vulnerable to remote control appeared first on Malwarebytes Labs.

MalwareBytes Security

Update now! VMWare patches critical vulnerabilities in several products

August 3, 2022 0 Comments cve-2022-31656, cve-2022-31658, cve-2022-31659, cve-2022-31660, cve-2022-31661, cve-2022-31664, cve-2022-31665, cvss, Exploits and vulnerabilities, identity manager, jdbc, one access, rce, vmsa-2022-0021, vmware, vmware workspace, vrealize automation

Credit to Author: Pieter Arntz| Date: Wed, 03 Aug 2022 13:27:47 +0000

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products.

The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

MalwareBytes Security

Millions of Arris routers are vulnerable to path traversal attacks

August 1, 2022 0 Comments arris, cve-2022-26992, cve-2022-31793, derek abdine, Exploits and vulnerabilities, muhttpd, path traversal, remote administration

Credit to Author: Pieter Arntz| Date: Mon, 01 Aug 2022 17:31:40 +0000

A researcher has found a serious vulnerability in the muhttpd webserver that is used in millions of routers and modems. A patch is available but ISPs are often slow to push out firmware updates.

The post Millions of Arris routers are vulnerable to path traversal attacks appeared first on Malwarebytes Labs.

MalwareBytes Security

IIS extensions are on the rise as backdoors to servers

July 27, 2022 0 Comments backdoor, Cryptomining, Exploits and vulnerabilities, extensions, iis, modules, proxylogon, proxyshell, Reports, Server, wdigest

Credit to Author: Pieter Arntz| Date: Wed, 27 Jul 2022 13:58:06 +0000

The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers.

The post IIS extensions are on the rise as backdoors to servers appeared first on Malwarebytes Labs.

MalwareBytes Security

SonicWall urges customers to patch critical SQL injection bug ASAP

July 26, 2022 0 Comments cve-2022-22280, Exploits and vulnerabilities, global management system, gms, open web application security project, owasp, sonicwall, sonicwall psirt, sqli, waf, web application firewal

Credit to Author: Malwarebytes Labs| Date: Tue, 26 Jul 2022 15:57:20 +0000

SonicWall GMS and Analytics are vulnerable to an SQL injection bug, tracked as CVE-2022-22280.

The post SonicWall urges customers to patch critical SQL injection bug ASAP appeared first on Malwarebytes Labs.