A week in security (May 22-28)

Categories: News

Tags: Cisco

Tags: Zyxel

Tags: ChatGPT

Tags: Malvertising

Tags: Apple

Tags: Google

Tags: insider threat

Tags: Pentagon explosion

Tags: CISA

Tags: ransomware guide

Tags: Rheinmetall

Tags: BlackBasta

Tags: WordPress

A list of topics we covered in the week of May 22- 28 of 2023

(Read more…)

The post A week in security (May 22-28) appeared first on Malwarebytes Labs.

Read more

Update now: 9 vulnerabilities impact Cisco Small Business Series

Categories: Business

Tags: Cisco

Tags: small business series

Tags: web interface

Tags: CVE

Tags: exploit

Tags: root

If you’re using one of the affected products from the Cisco small business range, you need to patch immediately.

(Read more…)

The post Update now: 9 vulnerabilities impact Cisco Small Business Series appeared first on Malwarebytes Labs.

Read more

Update now! May 2023 Patch Tuesday tackles three zero-days

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: CVE-2023-29336

Tags: CVE-2023-24932

Tags: bootkit

Tags: CVE-2023-29325

Tags: Outlook

Tags: preview

Tags: CVE-2023-24941

Tags: Apple

Tags: Cisco

Tags: Google

Tags: Android

Tags: VMWare

Tags: SAP

Tags: Mozilla

Microsoft’s Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability

(Read more…)

The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.

Read more

Fancy Bear known to be exploiting vulnerability in Cisco routers

Categories: Exploits and vulnerabilities

Categories: News

Tags: APT28

Tags: Sofacy

Tags: Fancy Bear

Tags: GRU

Tags: Cisco

Tags: CVE–2017-6742

Tags: SNMP

Tags: Jaguar Tooth

A joint advisory about a Cisco vulnerability by several US and UK agencies gives us a peek inside the minds of ideologically motivated cybercriminals

(Read more…)

The post Fancy Bear known to be exploiting vulnerability in Cisco routers appeared first on Malwarebytes Labs.

Read more

Update now! April’s Patch Tuesday includes a fix for one zero-day

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Adobe

Tags: Cisco

Tags: SAP

Tags: Mozilla

Tags: CVE-2023-28252

Tags: CVE-2023-28231

Tags: CVE-2023-21554

Tags: Word

Tags: Publisher

Tags: Office

One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month’s Patch Tuesday updates.

(Read more…)

The post Update now! April’s Patch Tuesday includes a fix for one zero-day appeared first on Malwarebytes Labs.

Read more

Update now! February’s Patch Tuesday tackles three zero-days

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Apple

Tags: Adobe

Tags: SAP

Tags: Citrix

Tags: Cisco

Tags: Atlassian

Tags: Google

Tags: Mozilla

Tags: Forta

Tags: OpenSSH

Tags: CVE-2023-21823

Tags: CVE-2023-21715

Tags: OneNote

Tags: CVE-2023-23376

Tags: CVE-2023-21706

Tags: CVE-2023-21707

Tags: CVE-2023-21529

Tags: CVE-2023-21716

Tags: CVE-2023-23378

Tags: CVE-2023-22501

Tags: CVE-2023-24486

Tags: CVE-2023-24484

Tags: CVE-2023-24484

Tags: CVE-2023-24483

Tags: CVE-2023-25136

Tags: GoAnywhere

Microsoft has released updates to patch three zero-days and lots of other vulnerabilities and so have several other vendors

(Read more…)

The post Update now! February’s Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.

Read more

Update now! Two zero-days fixed in 2022’s last patch Tuesday

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Android

Tags: Apple

Tags: Mozilla

Tags: Google

Tags: Sap

Tags: Citrix

Tags: Fortinet

Tags: Cisco

Tags: CVE-2022-44698

Tags: MotW

Tags: CVE-2022-44710

Tags: race condition

Tags: CVE-2022-44670

Tags: CVE-2022-44676

Tags: CVE-2022-41076

Tags: remote powershell

The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed

(Read more…)

The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.

Read more

Cisco warns of ISE vulnerability with no fixed release or workaround

Categories: Exploits and vulnerabilities

Categories: News

Tags: Cisco

Tags: Identity Services Engine

Tags: AnyConnect VPN server

Tags: CVE-2022-20822

Tags: CVE-2022-20959

Tags: CVE-2022-20933

Tags: input validation

Cisco’s latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files.

(Read more…)

The post Cisco warns of ISE vulnerability with no fixed release or workaround appeared first on Malwarebytes Labs.

Read more