Tag
Categories: News Tags: Windows 7 end of ESU Tags: Extended Security Updates Tags: ESU Tags: Microsoft ESU Tags: ESU program Tags: WIndows 8.1 Tags: Windows Server 2008/R2 Tags: NVIDIA Tags: Google Chrome Tags: Chrome Microsoft will cease supporting Windows 7 and Windows 8.1 all together, as well as Windows Server 2008/R2. (Read more...) The post Microsoft ends extended support for Windows 7 and Windows Server 2008 today appeared first on Malwarebytes Labs.
Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
Ubuntu Security Notice 5792-1 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Ubuntu Security Notice 5791-1 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
Ubuntu Security Notice 5790-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Categories: Threat Intelligence One criminal scheme often leads to another. This blog digs into a credit card skimmer and its ties with other malicious services. (Read more...) The post Crypto-inspired Magecart skimmer surfaces via digital crime haven appeared first on Malwarebytes Labs.
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. The malicious code, as is increasingly