27 matches found
A week in security (February 16 – February 22)
Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents ...
EUVD-2023-54237
Malicious code in bioql PyPI...
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon...
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response MDR customers. The incident involves a threat actor overwhelming a user's emai...
Description of the security update for Visual Studio 2015 Update 3: January 9, 2024 (KB5030979)
Description of the security update for Visual Studio 2015 Update 3: January 9, 2024 KB5030979 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Summary An elevation of privilege vulnerability exists if the Diagnostics Hub Standard Collector handles data operations...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
PT-2023-32850 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.3.31 and earlier Description: The issue is related to inadequate validation of permissions when using remote tools and macros via the context menu. This allows a user to initiate a connection...
Devolutions Remote Desktop Manager Security Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.3.31 and earlier, which stems from insufficient privilege validation, and could all...
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
Design/Logic Flaw
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...
CVE-2023-4373
CVE-2023-4373 concerns Devolutions Remote Desktop Manager (versions ≤ 2023.2.19). The issue is inadequate validation of permissions when using remote tools and macros, allowing a user to initiate a connection without proper execution rights via the remote tools feature. Affected software: Devolut...
PT-2023-28950 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.2.19 and earlier Description: Inadequate validation of permissions when employing remote tools and macros within the software permits a user to initiate a connection without proper execution...
Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: February 8, 2022 (KB5011164)
Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: February 8, 2022 KB5011164 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Summary An elevation of privilege vulnerability exists if the Diagnostics Hu...
Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: November 9, 2021 (KB5007275)
Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: November 9, 2021 KB5007275 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Summary An elevation of privilege vulnerability exists if the Diagnostics Hu...