7085 matches found
From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative
From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative By John Fokker · January 27, 2026 For decades, healthcare systems were designed with one core principle: patient safety. Clinical devices operated in largely closed environments, disconnected from th...
EUVD-2020-15164
Malware in sbrugna...
CVE-1999-0354
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...
Ransomware attackers email bemused students as leverage for a payout
The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...
Inside the 2022 Email Cyber Threat Landscape
Key trends and predictions you should know about...
Design/Logic Flaw
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
Out-of-bounds
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird 91.6.1...
CVE-2022-41273
CVE-2022-41273 affects SAP Sourcing and SAP Contract Lifecycle Management (CLM) version 1100, due to improper input sanitization in the affected components. The vulnerability allows an attacker to lure a user into clicking a manipulated link via email, leading the user to log in and subsequently ...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
A week in security (June 6 – June 12)
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for Ukraine Microsoft autopatch is here…but can you use it? Prometheus ransomwares flaws inspired researchers to try to build a near-universal decryption tool Rotten apples banned from App store Hackers can take over...
Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise. As we have seen throughout the COVID-19 pandemic, cybercriminals are flourishing in these times of upheaval, due ...
Attackers use Morse code, other encryption methods in evasive phishing campaign
Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation...
New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center MSTIC has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and...
MGASA-2021-0010 Updated squirrelmail packages fix security vulnerabilities
XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...
Necurs Botnet in Crosshairs of Global Takedown Offensive
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...
Necurs Botnet in Crosshairs of Global Takedown Offensive
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...
Fake 'Windows Update' Installs Cyborg Ransomware
A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...
ThreatList: Banking Trojans Are Still The Top Big Bad for Email
While APT activity and a raft of malware types continue to capture the notice of researchers and journalists, it turns out that trusty old banking trojans remain the top email-borne threat out there. According to Proofpoint’s latest quarterly report, analyzing trends for the fourth quarter of 201...
A Devious Phishing Scam Targets Apple App Store Customers
Be on the lookout for emails that claim to be from the App Store...
Sextortion emails: They’re probably not watching you
Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim's presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams...