#zero_day

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's special Valentine's Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that are already being used in active attacks.

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021. "Since V8

Categories: News Categories: Ransomware Tags: CISA Tags: ransomware Tags: Democratic People’s Republic of Korea Tags: DPRK Tags: North Korea Tags: WannaCry Tags: EternalBlue Tags: Lazarus Group Tags: APT Tags: Magniber Tags: Magnitude exploit kit Tags: exploit kit Tags: EK Tags: Andariel Tags: Silent Chollima Tags: Stonefly Tags: Maui Tags: H0lyGh0st Tags: PLUTONIUM Tags: Conti The tactics of North Korean-sponsored ransomware cyberattacks against the healthcare sector and other vital infrastructure are highlighted in the latest #StopRansomware alert. (Read more...) The post CISA issues alert with South Korean government about DPRK's ransomware antics appeared first on Malwarebytes Labs.

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB

No response or patch yet forthcoming from providers of vulnerable document management systems

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

Our hearts are with the people of Turkey and Syria and all those impacted by the tragic earthquake. The Cisco Foundation has launched a matching campaign to support local disaster relief organizations.

Categories: News Tags: ryuk Tags: ransomware Tags: guilty Tags: encrypt Tags: ransom Tags: cryptocurrency Tags: bitcoin We take a look at a guilty plea made in relation to Ryuk ransomware proceeds, and how you can best protect yourself from the threat of ransomware. (Read more...) The post Ryuk ransomware laundering leads to guilty plea appeared first on Malwarebytes Labs.

Categories: News Tags: GoAnywhere MFT Tags: managed file transfer Tags: Kevin Beaumont Tags: Brian Krebs Tags: emergency patch 7.1.2 Tags: Fortra Tags: Cobalt Strike Tags: Florian Hauser Tags: Code White A bug in GoAnywhere, a B2B management file transfer software, could lead to a serious supply chain attack if left unpatched. Update now! (Read more...) The post Update now! GoAnywhere MFT zero-day patched appeared first on Malwarebytes Labs.