A week in security (December 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Dec 2018 17:32:10 +0000

A roundup of last week’s security news from December 3–9, including a new Mac malware, new Flash zero-day vulnerability, new Malwarebytes report focusing on current undetectable malware, and breaches happening left and right.

Categories:

Tags:

(Read more…)

The post A week in security (December 3 – 9) appeared first on Malwarebytes Labs.

Read more

CVE-2018-15982- Adobe Flash Player use after free (Zero Day) vulnerability alert!

Credit to Author: Prashant Tilekar| Date: Thu, 06 Dec 2018 10:52:25 +0000

The recent zero-day vulnerability CVE-2018-15982 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-42 on December 5, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in targeted attacks. Vulnerable Versions Adobe…

Read more

New Flash Player zero-day used against Russian facility

Credit to Author: Jérôme Segura| Date: Wed, 05 Dec 2018 22:44:59 +0000

An APT group is using a new Flash Player zero-day that was used a lure targeting a Russian-based clinic

Categories:

Tags:

(Read more…)

The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.

Read more

Holes found in Mojave’s privacy protection

Credit to Author: Thomas Reed| Date: Wed, 26 Sep 2018 15:00:00 +0000

Issues with the privacy protection features of macOS Mojave have already begun to appear, and may cause more problems than they solve.

Categories:

Tags:

(Read more…)

The post Holes found in Mojave’s privacy protection appeared first on Malwarebytes Labs.

Read more

Zero-Day Coverage Update – Week of July 23, 2018

Credit to Author: Elisa Lippincott (Global Threat Communications)| Date: Fri, 27 Jul 2018 12:00:54 +0000

We’re at the end of July and the Zero Day Initiative (ZDI) has published 873 advisories so far. That’s 273 advisories this month alone – and that’s just the tip of the iceberg! Earlier this week, ZDI announced the Targeted Incentive Program, which brings over $1,500,000 USD in special bounty awards for specific targets. With…

The post Zero-Day Coverage Update – Week of July 23, 2018 appeared first on .

Read more

Zero-Day Coverage Update – Week of July 2, 2018

Credit to Author: Elisa Lippincott (Global Threat Communications)| Date: Fri, 06 Jul 2018 13:51:43 +0000

The General Data Protection Regulation (GDPR) has been up and running for a couple of months now and your organization is compliant. It’s time to take a little break – well, not so fast! Late last week, the State of California passed a new data privacy law called the California Consumer Privacy Act of 2018….

The post Zero-Day Coverage Update – Week of July 2, 2018 appeared first on .

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 29 Jun 2018 14:18:45 +0000

I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day,…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018 appeared first on .

Read more

CVE-2018-5002 – Adobe Flash Player Stack Buffer Overflow Vulnerability Alert!

Credit to Author: Sameer Patil| Date: Fri, 08 Jun 2018 09:59:53 +0000

The recent zero-day vulnerability CVE-2018-5002 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-19 on June 7, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in limited, targeted attacks and it…

Read more

CVE-2018-4990 – Adobe Reader Double Free (Zero Day) vulnerability alert!

Credit to Author: Prashant Kadam| Date: Wed, 16 May 2018 13:10:48 +0000

The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable versions…

Read more

Adobe Reader zero-day discovered alongside Windows vulnerability

Credit to Author: Jérôme Segura| Date: Tue, 15 May 2018 18:44:14 +0000

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape.

Categories:

Tags:

(Read more…)

The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.

Read more

Internet Explorer zero-day: browser is once again under attack

Credit to Author: Jérôme Segura| Date: Thu, 10 May 2018 19:58:00 +0000

Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years.

Categories:

Tags:

(Read more…)

The post Internet Explorer zero-day: browser is once again under attack appeared first on Malwarebytes Labs.

Read more