Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Why you should be taking security advice from your grandmother

We take a look at a report which indicates younger generations are struggling with being able to spot scams, and why that might be. The post Why you should be taking security advice from your grandmother appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#mac#git#pdf
Bumblebee Malware Buzzes Into Cyberattack Fray

The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.

Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me.  In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

FBI warns food and agriculture to brace for seasonal ransomware attacks

For the second time, the FBI has warned the food and agriculture sector about the risk of ransomware attacks. The post FBI warns food and agriculture to brace for seasonal ransomware attacks appeared first on Malwarebytes Labs.

CVE-2022-1514: Sanitized the data read from the ini file to avoid security problems. · NeoRazorX/facturascripts@aa9f28c

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

QNAP customers urged to disable AFP to protect against severe vulnerabilities

NAS device vendors are dealing with several severe vulnerabilities in Netatalk, the open-source implemenation of AFP. The post QNAP customers urged to disable AFP to protect against severe vulnerabilities appeared first on Malwarebytes Labs.

CVE-2022-28101: HTML Injection Leading to RCE in Turtl - Cyber Citadel

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.

Explainable AI for Fraud Prevention

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user … Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution Read More »