Security
Headlines
HeadlinesLatestCVEs

Source

Malwarebytes

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: NetScaler Tags: CVE-2023-3519 Tags: web shell A critical unauthenticated remote code execution vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway is being actively exploited (Read more...) The post CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#rce#auth
Estée Lauder targeted by Cl0p and BlackCat ransomware groups

Categories: Business Tags: Estée Lauder Tags: Cl0p Tags: BlackCat Tags: ransomware Tags: compromise Tags: attack Tags: breach Tags: blackmail Tags: threat We take a look at reports of cosmetics firm Estée Lauder being attacked by the Cl0p and BlackCat ransomware groups. (Read more...) The post Estée Lauder targeted by Cl0p and BlackCat ransomware groups appeared first on Malwarebytes Labs.

Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough

Categories: Exploits and vulnerabilities Categories: News Researchers have uncovered a privilege escalation vulnerability in Google Cloud Build that could enable malicious actors tamper with application images and infect users. (Read more...) The post Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough appeared first on Malwarebytes Labs.

Accidental VirusTotal upload is a valuable reminder to double check what you share

Categories: Business Tags: upload Tags: download Tags: share Tags: data Tags: intelligence Tags: google Tags: virustotal Tags: social media Tags: sharing Tags: document Tags: file Tags: files We take a look at reports of a document being accidentally shared to the VirusTotal service and potentially exposing names and email addresses in the security and intelligence community. (Read more...) The post Accidental VirusTotal upload is a valuable reminder to double check what you share appeared first on Malwarebytes Labs.

Amazon in-van delivery driver footage makes its way online

Categories: News Tags: driver Tags: delivery Tags: amazon Tags: van Tags: camera Tags: recording Tags: footage Tags: online Tags: privacy In-van delivery driver footage is reportedly finding its way to the internet. Are privacy issues at play, or is a valuable safety tool? (Read more...) The post Amazon in-van delivery driver footage makes its way online appeared first on Malwarebytes Labs.

Docker Hub images found to expose secrets and private keys

Categories: Awareness Categories: News Tags: Docker Tags: Docker Hub Tags: containerization Tags: secrets Tags: exposed Researchers have found that numerous Docker images shared on Docker Hub expose sensitive data. (Read more...) The post Docker Hub images found to expose secrets and private keys appeared first on Malwarebytes Labs.

Plane sailing for ticket scammers: How to keep your flight plans safe

Categories: Personal Tags: plane Tags: ticket Tags: holiday Tags: flight Tags: airplane Tags: aeroplane Tags: scam Tags: phish Tags: phishing Tags: social engineering We take a look at several scams targeting flyers off on their holidays, and how you can keep yourself safe. (Read more...) The post Plane sailing for ticket scammers: How to keep your flight plans safe appeared first on Malwarebytes Labs.

Microsoft validation error allowed state actor to access user email of government agencies and others

Categories: News Tags: Microsoft. MSA Tags: OWA Tags: validation token Tags: signing key Tags: Storm-0556 Tags: GetAccessTokensForResource Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies. (Read more...) The post Microsoft validation error allowed state actor to access user email of government agencies and others appeared first on Malwarebytes Labs.

FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT

Categories: Threat Intelligence Tags: fakeupdates Tags: socgholish Tags: netsupport Tags: RAT A new campaign leveraging compromised WordPress sites emerges with another fake browser update. (Read more...) The post FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT appeared first on Malwarebytes Labs.

Act now! In-the-wild Zimbra vulnerability needs a workaround

Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: MalasLocker Tags: vulnerability Tags: Google Tags: actively exploited Tags: fn:escapeXml Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. (Read more...) The post Act now! In-the-wild Zimbra vulnerability needs a workaround appeared first on Malwarebytes Labs.