69 matches found
2023 Cybersecurity Industry Predictions
With 2022 rapidly coming to a close, this is the time of year where it makes sense to take a step back and look at the year in cybersecurity, and make a few critical predictions for what the industry could face in the year ahead. In order to give the security community some insight into where we’...
Hive Ransomware is on the rise. How should you deal with it?
Why Now? Hive is not a new problem. It first surfaced in 2021 but it’s becoming a much bigger issue now. This is due to a growing number of affiliates and therefore attacks. 2022 has seen more widespread country and industry target interest too. Ransomware growth in general is becoming a massive...
Don’t spend another weekend patching Chrome
As we head into the weekend, Google has released an emergency security update for the Chrome desktop web browser to address a high-severity vulnerability known to be exploited in the wild. This is the seventh Chrome zero-day fixed this year by Google. This security bug CVE-2022-3723; QID 377721 i...
Qualys Threat Research Thursday
Welcome to the second edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our first edition, Introducing Qualys Threat Research...
Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications
Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability CVE-2022-3075 is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was...
Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications
Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability CVE-2022-3075 is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was...
Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as...
A week in security (Sept 27 – Oct 3)
Last week on Malwarebytes Labs Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18 Phone screenshots accidentally leaked online by stalkerware-type company FoggyWeb, analysis of a Nobelium backdoor Instagram Kids put on hold Microsoft, CISA and NSA...
Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks
Recently Atlassian has disclosed a critical RCE Remote Code Execution vulnerability in its Confluence server and Data Center products CVE-2021-26084, which might allow unauthenticated users to execute arbitrary code on vulnerable servers...
Mitigating attacks in serverless environments
Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...
odix and Microsoft: Protecting users against malware attacks with free FileWall license
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. The fight against malware has become the epic battle of our generation, placing businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on...
Accellion FTA Zero-Day Attacks Tied to Clop, FIN11
Researchers have identified a set of threat actors dubbed UNC2546 and UNC2582 with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Click to Register Multiple...
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
Predicting the future is always an iffy proposition. There’s the Nostradamus route, making predictions so cryptic and vague they could mean just about anything. Or you can go the TV psychic route and throw a handful of darts at the wall, highlighting the ones that stick and hope everyone ignores...
Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and th...
Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms
With Flash Player’s Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months. The End of Life EOL timeline has been a long time coming. Adobe first announced in July 2017 that it will no longer update or distribute...
Zero-day attacks are potent cyber threats that require serious response
By Waqas Lately, Zero-day attacks are being exploited to target small as well as large businesses. This is a post from HackRead.com Read the original post: Zero-day attacks are potent cyber threats that require serious response...
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...
Adobe Addresses Critical Flash, Framemaker Flaws
Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being...
Top 6 email security best practices to protect against phishing attacks and business email compromise
Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency...
Improve security and simplify operations with Windows Defender Antivirus + Morphisec
My team at Morphisec a Microsoft Intelligent Security Association MISA partner often talks with security professionals who are well-informed about the latest cyberthreats and have a longterm security strategy. The problem many of them face is how to create a stronger endpoint stack with limited...