Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-29382: Security Center - Zimbra :: Tech Center

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#mac#apple#microsoft#ubuntu#linux#debian#red_hat#apache#memcached#nodejs#js#git#java#oracle#php#rce#perl#ldap#nginx#ssrf#pdf#auth#zero_day#ssl
Google Searches for 'USPS Package Tracking' Lead to Banking Theft

Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims.

Botnets Send Exploits Within Days to Weeks After Published PoC

Six months of honeypot data finds that 19% of traffic to sensors were malicious exploit attempts, and 95% of those attempts came from just three botnets.

Warning issued over vulnerability in cardiac devices

Categories: Exploits and vulnerabilities Categories: News Tags: Medtronic Tags: Paceart Optima Tags: CVE-2023-31222 Tags: deserialization Tags: update Tags: messaging A vulnerability in Medtronic's Paceart Optima cardiac device could lead to further network penetration, RCE, and DoS attacks (Read more...) The post Warning issued over vulnerability in cardiac devices appeared first on Malwarebytes Labs.

Microsoft Teams Exploit Tool Auto-Delivers Malware

The "TeamsPhisher" cyberattack tool gives pen testers — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant.

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for

Microsoft Can Fix Ransomware Tomorrow

You can't encrypt a file you can't open — Microsoft could dramatically impact ransomware by slowing it down.

Microsoft rubbishes Anonymous Sudan’s claim of Stealing 30M accounts

By Waqas Anonymous Sudan group took to Telegram to claim that it had stolen 30 million accounts belonging to Microsoft customers. This is a post from HackRead.com Read the original post: Microsoft rubbishes Anonymous Sudan’s claim of Stealing 30M accounts

Malicious ad for USPS fishes for banking credentials

Categories: Threat Intelligence Tags: malvertising Tags: google Tags: usps Tags: phishing Next time you need to track a package, be aware that malicious ads could be leading you to sites that steal your banking information. (Read more...) The post Malicious ad for USPS fishes for banking credentials appeared first on Malwarebytes Labs.

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager