This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_notepads parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fb_cals parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remote_cals parameter, the process does not...
5AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_tasklists parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Task.php. When parsing the task_alarms parameter, the process does not...
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within remote_edit.php. When parsing the remote_cals parameter, the process does not....
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_tasklists parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Compose.php. When parsing the reply_lang parameter, the process does not...
5.4AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Expanded.php. When parsing the expanded_folders parameter, the process does...
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remote_cals parameter, the process does not...
5AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within List.php. When parsing the tasklist_columns parameter, the process does not...
5AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Upgrade.php. When parsing the upgrade_tasks parameter, the process does not...
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the display_notepads parameter, the process does not.....
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Flags.php. When parsing the msgflags parameter, the process does not properly....
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Ui.php. The issue results from the lack of proper validation of user-supplied....
3AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Poll.php. When parsing the nav_poll parameter, the process does not properly.....
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the show_external parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the display_tasklists parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within fb.php. When parsing the fb_cals parameter, the process does not properly...
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Search.php. When parsing the vfolder parameter, the process does not properly....
4.9AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portal_layout parameter, the process does...
5.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Search.php. When parsing the filter parameter, the process does not properly.....
5AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the sync_lists parameter, the process does not...
5.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within CalendarsManager.php. The issue results from the lack of proper validation of....
4.8AI Score
Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. These tools offer parents the capabilities to spot where...
-0.4AI Score
Data Accountability and Transparency Act of 2020 looks beyond consent
In the United States, data privacy is hard work—particularly for the American people. But one US Senator believes it shouldn’t have to be. In June, Democratic Senator Sherrod Brown of Ohio released a discussion draft of a new data privacy bill to improve Americans’ data privacy rights and their...
-0.4AI Score
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs,....
-0.1AI Score
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the public....
-0.4AI Score
Stalkerware advertising ban by Google a welcome, if incomplete, step
On Friday, July 10, Google announced it would no longer allow advertising for spyware and similar surveillance technology—often referred to as “stalkerware”—on its platform. The change is a welcome step by one of the largest, most powerful companies in online advertising, but a close read of the...
-0.1AI Score
Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer...
AI Score
Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Matt Davey, chief operations optimist at 1Password, and Kyle Swank, a member of 1Password’s security team, about—what else—passwords. We may know it’s...
-0.3AI Score
Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebtyes Labs, about securely working from home (WFH). With...
6.9AI Score
Coronavirus campaigns lead to surge in malware threats, Labs report finds
In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report,...
1AI Score
Coalition Against Stalkerware bulks up global membership
Today, the Coalition Against Stalkerware brought aboard 11 new organizations to address the potentially dangerous capabilities of stalkerware, an invasive, digital threat that can rob individuals of their expectation of, and right to, privacy. These types of apps can provide domestic abusers with.....
0.4AI Score
Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher at Malwarebytes, about web browser privacy—an often neglected subcategory of data privacy. Without the...
0.4AI Score
Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, and....
-0.3AI Score
Data privacy law updates eyed by Singapore
In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents. The proposed additions are commonplace in several data privacy laws around...
0.6AI Score
Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs—debunking their myths, explaining their actual capabilities, and providing some advice.....
0.2AI Score
Mass surveillance alone will not save us from coronavirus
As the pattern-shattering truth of our new lives drains heavy—as coronavirus rends routines, raids our wellbeing, and whiplashes us between anxiety and fear—we should not look to mass digital surveillance to bring us back to normal. Already, governments have cast vast digital nets. South Koreans...
-0.4AI Score
Lock and Code S1Ep4: coronavirus and responding to computer viruses with Akshay Bhargava
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Akshay Bhargava, Chief Product Officer of Malwarebytes, about the similarities between coronavirus and computer viruses. We discuss computer virus...
-0.3AI Score
GDPR: An impact around the world
A little more than one month after the European Union enacted the General Data Protection Regulation (GDPR) to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a...
0.1AI Score
Lock and Code S1Ep3: Dishing on data privacy with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, a director of Malwarebytes Labs, about the state of data privacy today, including how users and businesses can protect sensitive information.....
0.2AI Score
Coronavirus scams, found and explained
Coronavirus has changed the face of the world, restricting countless individuals from dining at restaurants, working from cafes, and visiting their loved ones. But for cybercriminals, this global pandemic is expanding their horizons. In the past week, Malwarebytes discovered multiple email scams...
-0.2AI Score
Lock and Code S1Ep2: On the challenges of managed service providers
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily...
AI Score
International Women’s Day: awareness of stalkerware, monitoring, and spyware apps on the rise
Nine months ago, Malwarbytes recommitted itself to detecting invasive monitoring apps that can lead to the excessive harm of women—most commonly known as stalkerware. We pledged to raise public awareness, reach out to advocacy groups, and share samples and intelligence with other security vendors.....
0.1AI Score
Lock and Code S1Ep1: On RSA, the human element, and the week in security
Last week, we told you we were launching a fortnightly podcast, called Lock and Code. This week, we made good on our promise, with lots of headlines generated right here on Labs, as well as other security news around the web. In addition, we talk with Britta Glade, Director of Content and Curation....
0.3AI Score
Stalkerware and online stalking are accepted by Americans. Why?
Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and...
-0.3AI Score
Introducing Lock and Code: a Malwarebytes Labs podcast
Intrepid Labs readers might be happy to know that we're stepping into territory long-requested and desired: we're launching a podcast. Malwarebytes researchers and reporters are on the front lines of cybercrime, delivering both fast-breaking news and thoughtful features on our blog to raise...
-0.1AI Score
Cyber tips for safe online dating: How to avoid privacy gaffs, exploits, and scams
Research and reporting on this article were conducted by Labs writers Chris Boyd and David Ruiz. Dating apps have been mainstream for a long time now, with nearly every possible dating scene covered—casual, long-term, gay, poly, of the Jewish faith, interested only in farmers—whatever you're...
AI Score
Battling online coronavirus scams with facts
Panic and confusion about the recent coronavirus outbreak spurred threat actors to launch several malware campaigns across the world, relying on a tried-and-true method to infect people’s machines: fear. Cybercriminals targeted users in Japan with an Emotet campaign that included malicious Word...
-0.3AI Score