Categories: Exploits and vulnerabilities Categories: News Tags: Barracuda ESG Tags: CVE-2023-2868 Tags: SEASPY Tags: SUBMARINE Tags: WHIRLPOOL The FBI repeats the warning by Barracuda that all ESG appliances should immediately be replaced because the patch was ineffective. |
The post FBI confirms Barracuda patch is not effective for exploited ESG appliances appeared first on Malwarebytes Labs.
Read moreCategories: Business Categories: News Tags: Cisco Tags: VPN Tags: Akira Tags: ransomware Tags: brute-force Tags: credential stuffing Tags: password spraying Several researchers are seeing ransomware attacks targetting Cisco VPNs without MFA |
The post Cisco VPNs without MFA are under attack by ransomware operator appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: DuoLingo Tags: data breach Tags: email adress Tags: username Tags: real name Using an openly available API, cybercrimnals were able to scrape the data of 2.6 million DuoLingo users. |
The post 2.6 million DuoLingo users have scraped data released appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: week Tags: security Tags: august Tags: 2023 Tags: trusted advisor Tags: cyrus Tags: A list of topics we covered in the week of August 21 to August 27 of 2023 |
The post A week in security (August 21 – August 27) appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: Sentry Tags: MobileIron Tags: CVE-2023-38035 Tags: MICS Tags: port 8443 There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the risk when you can patch? |
The post [updated] Ivanti Sentry critical vulnerability—don’t play dice, patch appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: Sentry Tags: MobileIron Tags: CVE-2023-38035 Tags: MICS Tags: port 8443 There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the risk when you can patch? |
The post Ivanti Sentry critical vulnerability—don’t play dice, patch appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Adobe Tags: ColdFusion Tags: CVE-2023-26359 Tags: CVE-2023-26360 Tags: critical Tags: known exploited Tags: deserialization A second Adobe ColdFusion vulnerability that was patched in April has been added to CISA’s known exploited vulnerabilities catalog. |
The post Adobe ColdFusion vulnerability exploited in the wild appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: WinRAR Tags: CVE-2023-40477 Tags: RCE Tags: Windows 11 A new version of WinRAR is available that patches two vulnerabilities attackers could use for remote code execution. |
The post Update now! WinRAR files can be abused to run malware appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: QR codes Tags: attachment Tags: phishing Tags: Bing Tags: Microsoft Tags: credentials Researchers have been monitoring a phishing campaign that uses QR codes and Bing redirects to lead targets to phishing sites. |
The post QR codes used to phish for Microsoft credentials appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Augsut 2023 Tags: week in security A list of topics we covered in the week of August 14 to August 20 of 2023 |
The post A week in security (August 14 – August 20) appeared first on Malwarebytes Labs.
Read more