Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Credit to Author: BrianKrebs| Date: Tue, 02 Mar 2021 21:19:17 +0000

Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Read more

Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa

Credit to Author: Malwarebytes Labs| Date: Mon, 09 Nov 2020 18:36:20 +0000

This week on Lock and Code, get a backstage pass to a Malkwarebytes employee cybersecurity training about the future of protecting the Internet of Things.

Categories:

Tags:

(Read more…)

The post Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa appeared first on Malwarebytes Labs.

Read more

A week in security (October 26 – November 1)

Credit to Author: Malwarebytes Labs| Date: Mon, 02 Nov 2020 17:46:12 +0000

In this week in security (October 26 – November 1), we look at Google’s Chrome zero-day patch, Cybersecurity Awareness Month, ransomware cash and far more.

Categories:

Tags:

(Read more…)

The post A week in security (October 26 – November 1) appeared first on Malwarebytes Labs.

Read more

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Credit to Author: Ilai Bavati| Date: Tue, 23 Jun 2020 15:00:00 +0000

Zero-day vulnerabilities—and their potential, related attacks—can drive any security team mad. Here’s how you can bulk up your defenses.

Categories:

Tags:

(Read more…)

The post A zero-day guide for 2020: Recent attacks and advanced preventive techniques appeared first on Malwarebytes Labs.

Read more

Zyxel 0day Affects its Firewall Products, Too

Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Read more

Zyxel Fixes 0day in Network Storage Devices

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

Read more