Compromised Barracuda appliances equipped with persistent backdoors by attackers

Categories: Exploits and vulnerabilities

Categories: News

Tags: Barracuda

Tags: ESG

Tags: CVE-2023-2868

Tags: SUBMARINE

Tags: SEASPY

Tags: shell

CISA has released three reports based on the analysis of backdoors planted on compromised Barracuda ESG appliances

(Read more…)

The post Compromised Barracuda appliances equipped with persistent backdoors by attackers appeared first on Malwarebytes Labs.

Read more

Zimbra issues awaited patch for actively exploited vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZCS

Tags: CVE-2023-38750

Tags: CISA

Tags: CVE-2023-0464

Tags: TAG

Tags: XSS

Tags: JSP

Tags: XML

Tags:

Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files.

(Read more…)

The post Zimbra issues awaited patch for actively exploited vulnerability appeared first on Malwarebytes Labs.

Read more

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

Categories: Exploits and vulnerabilities

Categories: News

Tags: Norwegian ministries

Tags: ivanti

Tags: EPMM

Tags: MobileIron

Tags: CVE-2023-35078

Tags: patch

A patch is now available for an Ivanti EPMM vulnerability that was used in a cyberattack on the ICT platform which is relied upon by a dozen Norwegian ministries.

(Read more…)

The post Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild appeared first on Malwarebytes Labs.

Read more

Update now! Apple fixes several serious vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: WebKit

Tags: CVE-2023-38606

Tags: CVE-2023-32409

Tags: CVE-2023-37450

Tags: CVE-2023-32416

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days.

(Read more…)

The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.

Read more

CISA: You’ve got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Categories: Exploits and vulnerabilities

Categories: News

Tags: Citrix

Tags: NetScaler

Tags: CVE-2023-3519

Tags: web shell

A critical unauthenticated remote code execution vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway is being actively exploited

(Read more…)

The post CISA: You’ve got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 appeared first on Malwarebytes Labs.

Read more

Google fixes “Bad.Build” Cloud Build flaw, researchers say it’s not enough

Categories: Exploits and vulnerabilities

Categories: News

Researchers have uncovered a privilege escalation vulnerability in Google Cloud Build that could enable malicious actors tamper with application images and infect users.

(Read more…)

The post Google fixes “Bad.Build” Cloud Build flaw, researchers say it’s not enough appeared first on Malwarebytes Labs.

Read more

Act now! In-the-wild Zimbra vulnerability needs a workaround

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: MalasLocker

Tags: vulnerability

Tags: Google

Tags: actively exploited

Tags: fn:escapeXml

Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild.

(Read more…)

The post Act now! In-the-wild Zimbra vulnerability needs a workaround appeared first on Malwarebytes Labs.

Read more

[Updated] Apple issues Rapid Security Response for zero-day vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: Safari

Tags: WebKit

Tags: macOS

Tags: iOS

Tags: iPadOs

Tags: CVE-2023-37450

Tags: drive-by

Tags: code execution

Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited.

(Read more…)

The post [Updated] Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Read more