Zyxel 0day Affects its Firewall Products, Too

Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Read more

Zyxel Fixes 0day in Network Storage Devices

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

Read more

Google Chrome zero-day: Now is the time to update and restart your browser

Credit to Author: Malwarebytes Labs| Date: Fri, 08 Mar 2019 19:13:15 +0000

A particularly dangerous Google Chrome zero-day is already being used in real-world attacks. Despite Google’s auto update feature, users will need to close and restart their browser in order to be protected.

Categories:

Tags:

(Read more…)

The post Google Chrome zero-day: Now is the time to update and restart your browser appeared first on Malwarebytes Labs.

Read more

New Flash Player zero-day used against Russian facility

Credit to Author: Jérôme Segura| Date: Wed, 05 Dec 2018 22:44:59 +0000

An APT group is using a new Flash Player zero-day that was used a lure targeting a Russian-based clinic

Categories:

Tags:

(Read more…)

The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.

Read more

Adobe Reader zero-day discovered alongside Windows vulnerability

Credit to Author: Jérôme Segura| Date: Tue, 15 May 2018 18:44:14 +0000

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape.

Categories:

Tags:

(Read more…)

The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.

Read more

Internet Explorer zero-day: browser is once again under attack

Credit to Author: Jérôme Segura| Date: Thu, 10 May 2018 19:58:00 +0000

Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years.

Categories:

Tags:

(Read more…)

The post Internet Explorer zero-day: browser is once again under attack appeared first on Malwarebytes Labs.

Read more

A week in security (September 11 – September 17)

Credit to Author: Malwarebytes Labs| Date: Mon, 18 Sep 2017 22:10:42 +0000

A compilation of security news and blog posts from the 11th – 17th September. We look at 0days, more Equifax developments, our usual smattering of blog posts, and more!

Categories:

Tags:

(Read more…)

The post A week in security (September 11 – September 17) appeared first on Malwarebytes Labs.

Read more

PSA: New Microsoft Word 0day used in the wild

Credit to Author: Jérôme Segura| Date: Wed, 13 Sep 2017 22:49:19 +0000

Read more about the latest Microsoft Word Zero-Day and how to protect yourself against it.

Categories:

Tags:

(Read more…)

The post PSA: New Microsoft Word 0day used in the wild appeared first on Malwarebytes Labs.

Read more