Update now! WinRAR files can be abused to run malware

Categories: Exploits and vulnerabilities

Categories: News

Tags: WinRAR

Tags: CVE-2023-40477

Tags: RCE

Tags: Windows 11

A new version of WinRAR is available that patches two vulnerabilities attackers could use for remote code execution.

(Read more…)

The post Update now! WinRAR files can be abused to run malware appeared first on Malwarebytes Labs.

Read more

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Categories: Exploits and vulnerabilities

Categories: News

Tags: Citrix

Tags: ShareFile

Tags: CVE-2023-24489

Tags: RCE

Tags: unauthenticated

Tags: vulnerability

Tags: PoC

Citrix ShareFile can be exploited remotely by unauthenticated attackers.

(Read more…)

The post Patch now! Citrix Sharefile joins the list of actively exploited file sharing software appeared first on Malwarebytes Labs.

Read more

Citrix NetScalers backdoored in widespread exploitation campaign

Categories: Exploits and vulnerabilities

Categories: News

Tags: Citrix

Tags: NetScalers

Tags: Germany

Tags: CVE-2023-3519

Tags: Fox-IT

Tags: DIVD

Researchers have found almost 2000 backdoored Citrix NetScalers, many of which were patched after the backdoor in the form of a web shell was dropped.

(Read more…)

The post Citrix NetScalers backdoored in widespread exploitation campaign appeared first on Malwarebytes Labs.

Read more

Ford says it’s safe to drive its cars with a WiFi vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Ford

Tags: Lincoln

Tags: SYNC 3

Tags: CVE-2023-29468

Tags: TI WLink

Tags: MCP driver

A vulnerability in the SYNC 3 infotainment will not have a negative effect on driving safety, says Ford.

(Read more…)

The post Ford says it’s safe to drive its cars with a WiFi vulnerability appeared first on Malwarebytes Labs.

Read more

2022’s most routinely exploited vulnerabilities—history repeats

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zoho ManageEngine

Tags: CVE-2021-40539

Tags: Log4Shell

Tags: CVE-2021-44228

Tags: CVE-2021-13379

Tags: ProxyShell

Tags: CVE-2021-34473

Tags: CVE-2021-31207

Tags: CVE-2021-34523

Tags: CVE-2021-26084

Tags: Atlassian

Tags: CVE-2022-22954

Tags: CVE-2022-22960

Tags: CVE-2022-26134

Tags: CVE-2022-1388

Tags: CVE-2022-30190

Tags: Follina

What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year’s list?

(Read more…)

The post 2022’s most routinely exploited vulnerabilities—history repeats appeared first on Malwarebytes Labs.

Read more

Ivanti patches second zero-day vulnerability being used in attacks

Categories: Exploits and vulnerabilities

Categories: News

Tags: Ivanti

Tags: EPMM

Tags: MobileIron

Tags: CVE-2023-35081

Tags: CVE-2023-35078

Tags: tomcat

Tags: arbitrary file write

Tags: ACL

Tags: upgrade

Ivanti has issued a patch to address a second critical zero-day vulnerability

(Read more…)

The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.

Read more