Exploits/Vulnerability

Why Passwords are Your Business’s Weakest Point

In today’s digital world, safeguarding your organization’s online assets is critical. Unfortunately, poor password hygiene practices by some employees cause problems for many small businesses, leaving them vulnerable to hackers. Cybercriminals are constantly trying to find new ways to break into business systems. Sadly, too often, they succeed thanks to weak passwords. In fact, nearly […]

Why Passwords are Your Business’s Weakest Point Read More »

FBI, CISA warn of disinformation ahead of midterms

Foreign actors may intensify efforts to influence outcomes of the 2022 midterm elections Posted: October 15, 2022 by Malwarebytes Labs In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels. With

FBI, CISA warn of disinformation ahead of midterms Read More »

Chinese APT’s favorite vulnerabilities revealed

In a joint cybersecurity advisory, the National Security Agency (NSA) Posted: October 13, 2022 by Malwarebytes Labs In a joint cybersecurity advisory, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have revealed the top CVEs used by state-sponsored threat actors from China. The advisory aims to “inform federal and

Chinese APT’s favorite vulnerabilities revealed Read More »

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected

Microsoft fixed 84 vulnerabilities in its October 2022 Patch Tuesday updates Posted: October 12, 2022 by Pieter Arntz . Thirteen of them received the classification ‘Critical’. Among them are a zero-day vulnerability that’s being actively exploited, and another that hasn’t been spotted in the wild yet. The bad news is that the much-desired fix for the “ProxyNotShell” Exchange vulnerabilities was

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected Read More »

Android vulnerabilities could allow arbitrary code execution

Posted: October 6, 2022 by Pieter Arntz Several vulnerabilities have been patched in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild. Operating systems contain and manage all the programs and applications that a computer or mobile device is able to run. The

Android vulnerabilities could allow arbitrary code execution Read More »

Defense Strategies to Combat Insider Threats

Insider threats are among the most dangerous cyberthreats out there. Yet, organizations of all sizes seem to be either reluctant or negligent when it comes to fighting them. Even though some companies have an insider risk management program, they have a limited cybersecurity budget for mitigating insider risk.1 Simply having an insider risk management program

Defense Strategies to Combat Insider Threats Read More »

Erbium stealer on the hunt for data

Posted: September 28, 2022 by Christopher Boyd There’s a new slice of malware-as-a-service doing the rounds, although its actual newness is somewhat contested. The stealer, called Erbium, was first spotted on forums back in July 2022, but it seems nobody is quite sure when it started being deployed and snagging victims. Nevertheless, it is now happily causing chaos for

Erbium stealer on the hunt for data Read More »

Critical WhatsApp vulnerabilities patched: Check you’ve updated!

Posted: September 26, 2022 by Pieter Arntz WhatsApp has fixed two remote code execution vulnerabilities in its September update, according to its security advisory. These could have allowed an attacker to remotely access a device and execute commands from afar. These versions of WhatsApp are affected by at least one of the vulnerabilities: WhatsApp for Android prior to v2.22.16.12 WhatsApp

Critical WhatsApp vulnerabilities patched: Check you’ve updated! Read More »

Welcome to high tech hacking in 2022: Annoying users until they say “yes”

Posted: September 22, 2022 by Christopher Boyd Last week we learned that ride-sharing giant Uber’s defences had been unpicked by an attacker with a novel take on social engineering: Fatigue. Fatigue attacks play on the often repetitive nature of certain security procedures and failsafes. Do you hate having to punch in a password on your login screen every time you

Welcome to high tech hacking in 2022: Annoying users until they say “yes” Read More »

Medtronic’s MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA

Posted: September 22, 2022 by Malwarebytes Labs The US FDA (Food and Drug Administration) has warned users of Medtronic’s MiniMed 600 Series Insulin Pump System—specifically, models for MiniMed 630G and MiniMed 670G—that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain unauthorized access to the pump system itself, and alter it to deliver too

Medtronic’s MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA Read More »