vulnerabilities | Orthology.eu

Malwarebytes Labs April 7, 2021

SAP warns of malicious activity targeting unpatched systems

A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are “targeting and potentially exploiting unprotected mission-critical SAP applications”. Some of the vulnerabilities used were weaponised fewer than 72 hours after patches are released. In some cases, a newly deployed SAP instance could be compromised in … [Read more...]

Filed Under: Exploits and vulnerabilities, patching, report, sap, security, Updates, vulnerabilities

Malwarebytes Labs February 15, 2021

Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E01

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 2014 as a simple banking Trojan evolved into one of the most sophisticated malware types in the … [Read more...]

Filed Under: Adobe Reader, celebrities, chrome sync, cyberpunk 2077, drinking water, emotet, junior leaders, matryosh, Microsoft, PDF redaction, podcast, supply-chain attack, vaccination cards, vulnerabilities

Debra Littlejohn Shinder February 10, 2021

February 2021 Patch Tuesday Roundup

After a many-months hiatus, we’re back with the monthly summary of security updates released by Microsoft for its array of consumer and enterprise products. The world has changed since my last post on this topic almost a year ago, but if anything, computers and the Internet have become even more important parts of our lives. […] The post February 2021 Patch Tuesday Roundup first appeared on … [Read more...]

Filed Under: Microsoft, patch management, security, vulnerabilities

Malwarebytes Labs August 17, 2020

Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. These tools offer parents the capabilities to spot where their children go, read what their kids read, and prevent them from, for instance, visiting websites … [Read more...]

Filed Under: Chrome Extension, covid-19 scams, defcon, HBO phishing, HBO scam, Instacart, Instacart breach, Intel, Intel leak, lock & code, lock and code, lock and code podcast, malwarebytes labs podcast, malwarebytes podcast, Netflix phishing, Netflix scam, phishing, phishing scam, podcast, SBA scam, scam, spying apps, stalkerware, tiktok, Twitch phishing, Twitch scam, vulnerabilities, YouTube phishing, YouTube scam, ziggo, zoom, Zoom vulnerabilities

Eddie Segal May 13, 2020

How CVSS works: characterizing and scoring vulnerabilities

The Common Vulnerability Scoring System (CVSS) provides software developers, testers, and security and IT professionals with a standardized process for assessing vulnerabilities. You can use the CVSS to assess the threat level of each vulnerability, and then prioritize mitigation accordingly. This article explains how the CVSS works, including a review of its components, and describes the … [Read more...]

Filed Under: attack complexity, attack vector, bug bounty, common vulnerability scoring system, CVSS, CVSS 3.1, FIRST, Forum of Incident Response and Security Teams, Malwarebytes news, privileges required, software vulnerability, standardization, user interaction (UI), vulnerabilities, vulnerability

Pieter Arntz February 25, 2020

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application of Internet-connected technology leave us wondering: at what cost? Where does the mix of technology … [Read more...]

Filed Under: AI, biosensors, BLE, bluetooth, dna-test, fda, pacemaker, pharmaceuticals, smart pill, sweyntooth, vital infrastructure, vulnerabilities

Malwarebytes Labs October 21, 2019

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomware remains a dominant threat facing … [Read more...]

Filed Under: a week in security, amazon, dark web, domestic abuse, domestic abuse survivor, domestic abuse survivors, domestic violence, facebook, facial recognition, Instagram, jackpot, jackpotting, kindle, Mark Zuckerberg, national cybersecurity awareness month, National domestic violence awareness month, Oracle, password, passwords, phish, phishing, phishing scam, ransomware, tor, Tor browser, US Customs and Border Enforcement, vpn, vulnerabilities, vulnerability

Pieter Arntz October 18, 2019

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated with dozens of other publicly-known … [Read more...]

Filed Under: Business, cybercriminals, exploit, exploit kits, Exploits, patch, patching, pulse, vpn, vulnerabilities, vulnerability

Christopher Boyd September 24, 2019

15,000 webcams vulnerable to attack: how to protect against webcam hacking

Webcams may have been around for a long time, but that doesn’t mean we know what we’re doing with them. Webcam hacking has been around for equally as long, yet new research from Wizcase indicates that more than 15,000 private, web-connected cameras are exposed and readily accessible to the general public. So forget hacking, cybercriminals can just take a stroll through the Internet and grab … [Read more...]

Filed Under: cam, camera, devices, hackers, Hacking, hub, Internet of Things, IoT, IoT devices, monitor, security by design, vulnerabilities, webcam, webcam hacks

Vasilios Hioureas September 13, 2019

Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review … [Read more...]

Filed Under: amazon, aws, AWS buckets, data, Hacking, Intel, intelligence gathering, open source intelligence, OSINT, Pen Testing, Penetration Testing, recon, reconnaisance, Researcher's corner, vulnerabilities