#apple

The new feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

Mobile transactions could’ve been disabled, created and signed by attackers.

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.

Categories: Podcast This week on Lock and Code, we speak with pen-tester Mike Miller about how he successfully breached a client's offices with little more than a box of donuts. (Read more...) The post Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 appeared first on Malwarebytes Labs.

Keep private photos, videos, and documents away from prying eyes.

Plus: Cisco gets hit by ransomware, Twilio gets phished, a new way to fight email spammers, and much more.

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.