Code injection

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes...

CVE-2024-25089

CVE-2024-25089 affects Malwarebytes Binisoft Windows Firewall Control, prior to version 6.9.9.2. The vulnerability enables remote code execution via gRPC named pipes, with a CVSS v3.1 score of 9.8 (CRITICAL). Affected component is the Windows Firewall Control software and its gRPC named-pipe inte...

CVE-2024-25089

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes...

PT-2024-20737 · Binisoft +1 · Windows Firewall Control +1

Name of the Vulnerable Software and Affected Versions: Malwarebytes Binisoft Windows Firewall Control versions prior to 6.9.9.2 Description: The issue allows remote attackers to execute arbitrary code via gRPC named pipes. This enables attackers to potentially gain control over affected systems...

Malwarebytes Binisoft Windows Firewall Control Security Vulnerability

Malwarebytes Binisoft Windows Firewall Control is a third-party tool from Malwarebytes for enhancing Windows Firewall functionality by providing users with more advanced firewall control options. A security vulnerability previously existed in Malwarebytes Binisoft Windows Firewall Control version...

CVE-2024-25089

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes...

Decline in robocalls is encouraging, efforts seem to be working

The Federal Communications Commission FCC has announced that its recent actions with the Federal Trade Commission FTC against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a nuisance ...

ChatGPT accused of breaking data protection rules

Italys Data Protection Authority GPDP has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence AI chatbot that can engage in conversatio...

Ring curtails law enforcement’s access to footage

US law enforcement will no longer be able to request footage through the Neighbors app produced by Ring video doorbells and surveillance cameras. Until now Ring’s Request for Assistance RFA function allowed law enforcement to ask for and obtain user footage, but this function will be retired. Alo...

Malwarebytes wins every MRG Effitas award for 2 years in a row

ThreatDown Endpoint Protection EP achieved the highest possible score 100% and received certifications for Level 1, Exploit, Online Banking, and Ransomware in the most recent anti-malware efficacy assessment results for the Q3 2023 evaluation performed by MRG Effitas, a world leader in independen...

Free access to ThreatDown Application Block: Elevate your Windows security at no cost

Malwarebytes continues to add value to its ThreatDown Bundles with the inclusion of Application Block as free for all ThreatDown Nebula accounts excluding Mobile only accounts. Users dont need to activate this new feature: the policy has been enabled in their account by default. For as many...

Alleged FruitFly malware creator ruled incompetent to stand trial

On January 4, 2017, Case Western Reserve University CWRU, located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began...

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

A week in security (December 18 – December 24)

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...

Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL)

Discover the intersection of Ransomware-as-a-Service RaaS gangs and Living Off The Land LOTL attacks in our latest webinar, now available on-demand, led by cybersecurity experts Ian Thomas, Mark Stockley, and Bill Cozens. The webinar revealed how RaaS gangs use LOTL tactics, leveraging legitimate...

Chrome starts the countdown to the end of tracking cookies

Google has announced that it will start rolling its Chrome web browsers new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies...

Apple to introduce new feature that makes life harder for iPhone thieves

Reportedly, Apple has plans to make it harder for iPhone thieves to steal your personal information even if they have your device’s passcode. A new feature called Stolen Device Protection is included in the beta version of iOS 17.3. The feature limits access to your private information in case...

Apple now requires a judge’s order to hand over your push notification data

Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies arent allowed to tell users about it happening. The content of the notifications is diverse. It ranges from a weather app warning you about rain to ...

Ransomware review: December 2023

This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

Update now! Apple issues patches for older iPhones and other devices

Apple has issued emergency updates that include patches for older iOS devices concerning the two actively used zero-day vulnerabilities that were patched last week in newer devices. Updates are available for: Safari 17.2| macOS Monterey and macOS Ventura| ---|---|--- iOS 17.2 and iPadOS 17.2|...