North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google's Threat Analysis Group TAG, which found the adversary setting up...

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The U.S. Federal Bureau of Investigation FBI is warning that Barracuda Networks Email Security Gateway ESG appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...

Zero-day spells disaster for Bitcoin ATM

Bitcoin ATMs have experienced a severe bout of cash drain after a zero-day bug was exploited to steal a total of $1.5 million in digital currency. The ATMs, located in various convenience stores, function along the lines of regular banking ATMs except your dealings are all in the cryptocurrency...

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter , where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful...

CVE-2022-27518

Unauthenticated remote arbitrary code execution...

A week in security (September 12 – 18)

Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...

Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the perso...

Unpatched Windows 10 Zero-Day Allows Privileged File Access

An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation LPE, researchers have warned. The issue CVE-2021-24084 has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security...

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug

The U.S. Federal Bureau of Investigation FBI has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks,...

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution RCE zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the...

100M IoT Devices Exposed By Zero-Day Bug

A flaw in a widely used internet-of-things IoT infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks. Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devic...

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...

Windows 10 Admin Rights Gobbled by Razer Devices

A zero-day bug in the device installer software for Razer peripherals – be they a Razer mouse, keyboard or any device that uses the Synapse utility – gives the plugger-inner full admin rights on Windows 10, just by inserting a compatible peripheral and downloading Synapse. There’s apparently...

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after th...

Google issues patches for Chrome flaw for Windows, Mac and Linux

By Waqas Along with a patch for a zero-day bug in the Chrome browser, Google has addressed seven other flaws in its recent update. This is a post from HackRead.com Read the original post: Google issues patches for Chrome flaw for Windows, Mac and Linux...

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company’s Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application...

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to “important,” down from critical. T...

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Googles patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash...

Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...

Google Patches Chrome Browser Zero-Day Bug, Under Attack

Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms. The zero-day vulnerability, tracked as CVE-2020-6418, is a type of confusion bug and has a severity rati...