Source
Malwarebytes
Categories: Personal Tags: Minecraft Tags: mod Tags: forge Tags: players Tags: vulnerability Tags: RCE Tags: bleedingpipe Tags: malware Minecraft players interested in modding are at risk from a remote code execution vulnerability targeting both players and servers. (Read more...) The post Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35081 Tags: CVE-2023-35078 Tags: tomcat Tags: arbitrary file write Tags: ACL Tags: upgrade Ivanti has issued a patch to address a second critical zero-day vulnerability (Read more...) The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.
Categories: Business Tags: SEC Tags: filing Tags: file Tags: breach Tags: breaches Tags: US Tags: cyber attack Tags: disclosure Tags: notification Tags: public We take a look at news that a new SEC rule will require public organisations impacted by a cyberattack to disclose it within 4 days. (Read more...) The post Public companies must now disclose breaches within 4 days appeared first on Malwarebytes Labs.
Categories: Business Tags: VPN Tags: meta Tags: Facebook Tags: data Tags: disclosure Tags: australia Tags: australian Tags: traffic We take a look at reports that Meta subsidiaries have been ordered to pay a sizeable fine relating to disclosure issues for a now discontinued VPN. (Read more...) The post Meta subsidiaries must pay $14m over misleading data collection disclosure appeared first on Malwarebytes Labs.
Categories: Business Tags: supply chain Tags: attack Tags: ambulance Tags: trust Tags: communications Tags: service Tags: disrupt We take a look at a supply chain attack which disrupted two UK-based ambulance service's ability to access customer records. (Read more...) The post Supply chain attacks disrupt emergency services communications appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Barracuda Tags: ESG Tags: CVE-2023-2868 Tags: SUBMARINE Tags: SEASPY Tags: shell CISA has released three reports based on the analysis of backdoors planted on compromised Barracuda ESG appliances (Read more...) The post Compromised Barracuda appliances equipped with persistent backdoors by attackers appeared first on Malwarebytes Labs.
Categories: News Tags: week Tags: security Tags: 2023 Tags: July A list of topics we covered in the week of July 24 to July 30 of 2023 (Read more...) The post A week in security (July 24 - July 30) appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: ZCS Tags: CVE-2023-38750 Tags: CISA Tags: CVE-2023-0464 Tags: TAG Tags: XSS Tags: JSP Tags: XML Tags: Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. (Read more...) The post Zimbra issues awaited patch for actively exploited vulnerability appeared first on Malwarebytes Labs.
Categories: Podcast This week on Lock and Code, we speak with Thomas Reed about how Apple was able to previously address a security loophole that still persists on Windows, and what both companies get wrong (and right) about security. (Read more...) The post How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16 appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Norwegian ministries Tags: ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35078 Tags: patch A patch is now available for an Ivanti EPMM vulnerability that was used in a cyberattack on the ICT platform which is relied upon by a dozen Norwegian ministries. (Read more...) The post Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild appeared first on Malwarebytes Labs.