It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.The United States Department of Homeland Security, through its Cybersecurity an

A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.A severe vulnerability in the WhatsApp messenger could enable attackers to achieve remote code execution by sending target users a specially crafted MP4 video file, Facebook reports.The stack-based buffer overflow bug (CVE-2019-11931) exists in the

A security vulnerability in WhatsApp that was made public last week could be abused to execute arbitrary code remotely on affected devices.Tracked as CVE-2019-11931, the issue is a stack-based buffer overflow that can be triggered by sending a specially crafted MP4 file via WhatsApp, Facebook explains in an advisory.The buffer overflow occurs when the applic

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered.The security flaw could be abused to load unsigned DLLs into multiple services that run as NT AUTHORITYSYSTEM. The exploitation, however, requires for the attacker to have admin privile

Popular ecommerce platform Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads.Tracked as CVE-2019-8144 and featuring a CVSS score of 10, the vulnerability impacts Magento 2.3 prior to 2.3.3 or 2.3.2-p1 and it can be abused to insert code through PageBuilder temp

A black hat selling vulnerabilities can make as much money as a white hat researcher using bug bounty programs, or a grey hat working for a nation state doing reverse engineering. Speaking at a Tenable conference in London last week, director of research Oliver Rochford said that to have people do vulnerability research is expensive, and all of the whit

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-

Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).The Trend Micro ATTK tool allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections.Researcher John Page, aka hyp3rlinx, discovered that attackers can abuse ATTK to execute ar

Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered in Beijing, China, and with offices in San Francisco, CA. Maxthon claims to be the default browser for 670 million worldwide users.The vulnerability was discovered by researchers at SafeBreach Labs, an

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi

SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <=10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS.iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of its many features and highly customiza

The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to tou