Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designed to look like an internal communication within JSC GREC Mak

This month Microsoft released patches for 86 vulnerabilities. While many of these vulnerabilities are important and should be patched as soon as possible, there is one critical vulnerability that McAfee Enterprise wants to immediately bring to your attention due to the simplicity of what is required to exploit, and evidence that possible exploitation is alr

Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely.Tracked as CVE-2021-38112, the security bug could be triggered when the user opens a malicious WorkSpaces URI from the browser, allowing a remote attacker to execute arbitrary code on the vulnera

More than 70 Hikvision camera and NVR models are affected by a critical vulnerability that can allow hackers to remotely take control of devices without any user interaction.The flaw, tracked as CVE-2021-36260, was discovered by a researcher who uses the online moniker “Watchful IP.” The researcher published a blog post over the weekend, but has not made pub

A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents.Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there ar

Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month.Dubbed OMIGOD and tracked as CVE-2021-38647, this critical vulnerability was found to affect the Linux virtual machines deployed on Azure. In addition to fixes released with it

Last week on Malwarebytes Labs Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17The many tentacles of Magecart Group 8Apple releases emergency update: Patch, but don’t panicUpdate now! Google Chrome fixes two in-the-wild zero-daysParts of the Dark Web “awash” with school children’s personal dataPatch now! Print

We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures. The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was either moved or paged out. https://zeroperil.co.uk/cve-2021-26333/

Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.The flaw, tracked as ​​CVE-2021-26333 and classified by AMD as medium severity, affects the company’s Platform Security Processor (PSP) chipset driver, which is used by several graphics cards and processors.According to AMD,

Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers create a document with a specially-crafted object. If a user opens

byPaul Ducklin[01’28”] Apple patches two zero-day bugs.[09’25”] Microsoft patches one zero-day bug.[15’49”] A security researcher finds a fast-food bug (non-insect sort).[23’04”] Oh! No! A touchpad user turns right into left, and vice versa.(See also: Big Office bug squashed for September 2021 Patch Tuesday.)Wi

On September 13, The Citizen Lab revealed new research surrounding the Pegasus spyware campaign, presenting their discovery of a zero-click vulnerability targeting Apple devices across the entire endpoint ecosystem. In response to the disclosure, Apple has released security updates for all their devices from mobile to desktop. With Zimperium’s machine learn

Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.The security flaw (tracked as CVE-2021-3437) was found in a driver used by the OMEN Gaming Hub software that comes pre-installed

What are cyber security metrics?  Cyber security metrics are the number of systems with known vulnerabilities.  Knowing the number of vulnerable assets in your environment is a key cyber security metric to determine the risk your business incurs. Managing updates and patches is a complex process, but very important to avoid loopholes that can

A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from security research outfit JFrog.An attacker could exploit the vulnerability – tracked as CVE-2021-40346 (CVSS score of 8.6) – to bypass duplicate HTTP Content-Length header checks. Thus, th