Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zoho

Tags: ManageEngine

Tags: PoC

Tags: RCE

Tags: CVE-2022-47966

Tags: CVE-2022-35405

Tags: SAML

Tags: Apache Santuario

Proof of Concept code is about to be released for a vulnerability in many ManageEngine products which could enable RCE with SYSTEM privileges.

(Read more…)

The post Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability appeared first on Malwarebytes Labs.

Read more

[updated]Two new Exchange Server zero-days in the wild

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post [updated]Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Read more

Actively exploited vulnerability in Bitbucket Server and Data Center

Categories: Exploits and vulnerabilities

Categories: News

Tags: Atlassian

Tags: Bitbucket

Tags: git

Tags: CVE-2022-36804

Tags: RCE

Tags: read permission

International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center

(Read more…)

The post Actively exploited vulnerability in Bitbucket Server and Data Center appeared first on Malwarebytes Labs.

Read more

Two new Exchange Server zero-days in the wild

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Read more

Update now! GitLab issues critical security release for RCE vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: GitLab

Tags: RCE

Tags: CVE-2022-2884

Tags: GitHub

Tags: import

GitLab has released important security fixes to patch for an RCE vulnerability, known as CVE-2022-2884.

(Read more…)

The post Update now! GitLab issues critical security release for RCE vulnerability appeared first on Malwarebytes Labs.

Read more

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZVS

Tags: cve-2022-27925

Tags: web shell

Tags: cve-2022-37042

Tags: authentication

Tags: RCE

Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers

(Read more…)

The post [updated] Thousands of Zimbra mail servers backdoored in large scale attack appeared first on Malwarebytes Labs.

Read more

Thousands of Zimbra mail servers backdoored in large scale attack

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZVS

Tags: cve-2022-27925

Tags: web shell

Tags: cve-2022-37042

Tags: authentication

Tags: RCE

Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers

(Read more…)

The post Thousands of Zimbra mail servers backdoored in large scale attack appeared first on Malwarebytes Labs.

Read more