Why ransomware gangs love using RMM tools—and how to stop them

One of the most alarming trends our ThreatDown Intelligence team has noticed lately is the increased exploitation of legitimate Remote Monitoring and Management RMM tools by ransomware gangs in their attacks. RMM software, such as AnyDesk, Atera, and Splashtop, are essential for IT administrators...

A week in security (January 15 – January 21)

Last week on Malwarebytes Labs: Google failing to scrub abortion access in location history, study claims Google changes wording for Incognito browsing in Chrome CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities Cybersecurity spend to soar in 2024: How companie...

Free access to ThreatDown Application Block: Elevate your Windows security at no cost

Malwarebytes continues to add value to its ThreatDown Bundles with the inclusion of Application Block as free for all ThreatDown Nebula accounts excluding Mobile only accounts. Users dont need to activate this new feature: the policy has been enabled in their account by default. For as many...

Citrix HDX Engine blocked by Windows firewall

Citrix HDX Engine wfica32.exe blocked by Windows firewall during session startup. ～～～～ Message when blocked ～～～～～～～～ The Windows Defender firewall blocks some of the functions of this app On all public, private, and domain networks, the Windows Defender Firewall The Windows Defender Firewall bloc...

Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints

Malwarebytes is excited to announce Application Block, a new module for Nebula and OneView for MSPs which helps organizations easily thwart unwanted applications from launching on Windows endpoints. For as many applications out there that help you keep business running as usual, there are just as...

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

Block Puzzle King - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Block Puzzle King published at the 'play' market has multiple vulnerabilities...

Code injection

Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" with no characters before the ".", which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious...