[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR

Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you're always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress? Join The Hacker News...

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency CISA and National Security Agency NSA, along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative...

EUVD-2023-41988

Malicious code in bioql PyPI...

Simple Steps for Attack Surface Reduction

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencin...

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks

Behind every security alert is a bigger story. Sometimes it's a system being tested. Sometimes it's trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we're looking beyond the surface to spot what really matters. Whether it's poor design, hidden...

CVE-2021-32756

ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...

Do Not Use auditctl to Set auditd Rules

auditd service rules can be configured using either rule files in the /etc/audit/rules.d/ directory applied after server restart or the auditctl command for immediate effect. The permission of the /etc/audit/rules.d/ directory is 750, while that of the auditctl command is 755. Therefore,...

Security Updates for Windows Defender (September 2023)

The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.23080.2005. It is, therefore, affected by an attack surface reduction vulnerability due to security features bypass. A remote attacker can trick a victim to open a specially...

CVE-2023-38163

Windows Defender Attack Surface Reduction Security Feature Bypass...

CVE-2023-38163

Windows Defender Attack Surface Reduction Security Feature Bypass...

CVE-2023-38163 Windows Defender Attack Surface Reduction Security Feature Bypass

...

Windows Defender Attack Surface Reduction Security Feature Bypass

...

RFP Template for Browser Security

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP...

Part II: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

In Part I of this three-part blog series, we discussed building a cyber risk metrics program from the ground up. We also discovered how to implement effective strategies for holistically articulating your cyber risk posture across your organization. In our second installment, we’ll delve deeper...

Zero-day deploys remote code execution vulnerability via Word documents

An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of...

Microsoft Defender for Endpoint is ranked number one in market share in the IDC Worldwide Corporate Endpoint Security Market Shares report, 2022

Microsoft security researchers tracked a 130.4 percent increase in organizations that have encountered ransomware over the last year. Endpoints are an important attack vector and ensuring that organizations have modern endpoint security as part of a broader extended detection and response strateg...

A week in security (June 19 - 25)

Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure honeymo...

A New Security Category Addresses Web-borne Threats

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Ye...

Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

Bpflock - eBPF Driven Security For Locking And Auditing Linux Machines

bpflock - eBPF driven security for locking and auditing Linux machines. Note: bpflock is currently in experimental stage , it may break, options and security semantics may change, some BPF programs will be updated to use Cilium ebpf library. 1. Introduction bpflock uses eBPF to strength Linux...