Google Pixel: Cropped or edited images can be recovered

Categories: Exploits and vulnerabilities

Categories: News

Tags: Google

Tags: Pixel

Tags: Markup

Tags: CVE-2023-21036

Tags: recover

Tags: PNG

Tags: truncated

A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original.

(Read more…)

The post Google Pixel: Cropped or edited images can be recovered appeared first on Malwarebytes Labs.

Read more

Update now! Microsoft fixes two zero-day bugs

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: March

Tags: 2023

Tags: Microsoft

Tags: Adobe

Tags: Fortinet

Tags: Android

Tags: SAP

Tags: CVE-2023-23397

Tags: CVE-2023-24880

Tags: CVE-2023-26360

Tags: CVE-2022-41328

This Patch Tuesday, Microsoft has released fixes for two actively exploited zero-days and Adobe has fixed one.

(Read more…)

The post Update now! Microsoft fixes two zero-day bugs appeared first on Malwarebytes Labs.

Read more

Clop ransomware is victimizing GoAnywhere MFT customers

Categories: Exploits and vulnerabilities

Categories: News

Categories: Ransomware

Tags: Clop

Tags: ransomware

Tags: GoAnywhere

Tags: CVE-2023-0669

The Clop ransomware gang has claimed responsibility for attacking several GoAnywhere MFT customers by exploiting a vulnerability in the managed file transfer software’s administrative interface.

(Read more…)

The post Clop ransomware is victimizing GoAnywhere MFT customers appeared first on Malwarebytes Labs.

Read more

Intel CPU vulnerabilities fixed. But should you update?

Categories: Exploits and vulnerabilities

Categories: News

Tags: CVE-2022-21123

Tags: CVE-2022-21125

Tags: CVE-2022-21127

Tags: CVE-2022-21166

Tags: Intel

Tags: VMs

Tags: microcode

Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs, but who needs them?

(Read more…)

The post Intel CPU vulnerabilities fixed. But should you update? appeared first on Malwarebytes Labs.

Read more

Arris router vulnerability could lead to complete takeover

Categories: Exploits and vulnerabilities

Categories: News

Tags: Yerodin Richards

Tags: Arris

Tags: routre

Tags: CVE-2022-45701

Tags: default credentials

A security researcher found an authenticated remote code execution vulnerability in very wide-spread Arris router models.

(Read more…)

The post Arris router vulnerability could lead to complete takeover appeared first on Malwarebytes Labs.

Read more

Update now! February’s Patch Tuesday tackles three zero-days

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Apple

Tags: Adobe

Tags: SAP

Tags: Citrix

Tags: Cisco

Tags: Atlassian

Tags: Google

Tags: Mozilla

Tags: Forta

Tags: OpenSSH

Tags: CVE-2023-21823

Tags: CVE-2023-21715

Tags: OneNote

Tags: CVE-2023-23376

Tags: CVE-2023-21706

Tags: CVE-2023-21707

Tags: CVE-2023-21529

Tags: CVE-2023-21716

Tags: CVE-2023-23378

Tags: CVE-2023-22501

Tags: CVE-2023-24486

Tags: CVE-2023-24484

Tags: CVE-2023-24484

Tags: CVE-2023-24483

Tags: CVE-2023-25136

Tags: GoAnywhere

Microsoft has released updates to patch three zero-days and lots of other vulnerabilities and so have several other vendors

(Read more…)

The post Update now! February’s Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.

Read more

Update now! Apple patches vulnerabilities in MacOS and iOS

Categories: Apple

Categories: Exploits and vulnerabilities

Tags: Apple

Tags: macOS Ventura

Tags: 13.2.1

Tags: iOS

Tags: iPadOS

Tags: 16.3.1

Tags: CVE-2023-23514

Tags: CVE-2023-23522

Tags: CVE-2023-23529

Tags: use after free

Tags: type confusion

Apple has released patches for macOS Ventura, iPadOs, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild.

(Read more…)

The post Update now! Apple patches vulnerabilities in MacOS and iOS appeared first on Malwarebytes Labs.

Read more

[update]Two year old vulnerability used in ransomware attack against VMware ESXi

Categories: Exploits and vulnerabilities

Categories: News

Categories: Ransomware

Tags: VMware

Tags: ESXi

Tags: Nevada

Tags: ransomware

Tags: Linux

Tags: CVE-2021-21974

Over the weekend, several CERTs warned about ongoing ransomware attacks against unpatched VMware ESXi virtual machines.

(Read more…)

The post [update]Two year old vulnerability used in ransomware attack against VMware ESXi appeared first on Malwarebytes Labs.

Read more