Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.
Read more
Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000
Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.
Read moreCredit to Author: Malwarebytes Labs| Date: Fri, 08 Mar 2019 19:13:15 +0000
 | |
| A particularly dangerous Google Chrome zero-day is already being used in real-world attacks. Despite Google’s auto update feature, users will need to close and restart their browser in order to be protected. Categories: Tags: 0daychromeexploitexploitsGooglevulnerabilityzero day |
The post Google Chrome zero-day: Now is the time to update and restart your browser appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jérôme Segura| Date: Wed, 05 Dec 2018 22:44:59 +0000
 | |
| An APT group is using a new Flash Player zero-day that was used a lure targeting a Russian-based clinic Categories: Tags: 0dayadobe flashexploitflashFlash ActiveXFlash PlayerFlash Player zero-dayOfficerussiarussianukrainezero day |
The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jérôme Segura| Date: Tue, 15 May 2018 18:44:14 +0000
 | |
| A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape. Categories: Tags: 0dayadobeAdobe ReaderCVE-2018-4990CVE-2018-8120zero day |
The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jérôme Segura| Date: Thu, 10 May 2018 19:58:00 +0000
 | |
| Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years. Categories: Tags: 0dayCVE-2018-8174zero day |
The post Internet Explorer zero-day: browser is once again under attack appeared first on Malwarebytes Labs.
Read moreCredit to Author: Malwarebytes Labs| Date: Mon, 18 Sep 2017 22:10:42 +0000
 | |
| A compilation of security news and blog posts from the 11th – 17th September. We look at 0days, more Equifax developments, our usual smattering of blog posts, and more! Categories: Tags: 0dayAndroidEquifaxLinkedInmalwarephishingroundupweek in security |
The post A week in security (September 11 – September 17) appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jérôme Segura| Date: Wed, 13 Sep 2017 22:49:19 +0000
 | |
| Read more about the latest Microsoft Word Zero-Day and how to protect yourself against it. Categories: Tags: 0dayCVE-2017-8759microsoftmicrosoft wordpatchwordzero day |
The post PSA: New Microsoft Word 0day used in the wild appeared first on Malwarebytes Labs.
Read more