XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection.

Categories:

Tags:

(Read more…)

The post XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability appeared first on Malwarebytes Labs.

How CVSS works: characterizing and scoring vulnerabilities

CVSS, or Common Vulnerability Scoring System, provides developers, testers, and security professionals with a standardized process to assess vulnerabilities.

Categories:

Tags:

(Read more…)

The post How CVSS works: characterizing and scoring vulnerabilities appeared first on Malwarebytes Labs.

iOS Mail bug allows remote zero-click attacks

A newly-discovered vulnerability in iOS Mail can be used to attack an iPhone remotely using a malicious e-mail message, even if you’re running the latest version of iOS (13.4.1).

Categories:

Tags:

(Read more…)

The post iOS Mail bug allows remote zero-click attacks appeared first on Malwarebytes Labs.

A week in security (October 14 – 20)

Cybersecurity news for October 14 – 20, including the future of the password, the lingering threat of ransomware, and new security features from Instagram.

Categories:

Tags:

(Read more…)

The post A week in security (October 14 – 20) appeared first on Malwarebytes Labs.

Pulse VPN patched their vulnerability, but businesses are trailing behind

After a vulnerability in a popular business VPN solutions was discussed at length and an easy to use exploit is availbale, organizations still fail to apply the patch. What’s up?

Categories:

Tags:

(Read more…)

The post Pulse VPN patched their vulnerability, but businesses are trailing behind appeared first on Malwarebytes Labs.

New iOS exploit checkm8 allows permanent compromise of iPhones

A new exploit for iOS enables attackers to gain permanent access to iPhones, iPads, Apple Watches, and more—with zero potential for patching. Learn why this is possibly the biggest security news for iOS since its inception.

Categories:

Tags:

(Read more…)

The post New iOS exploit checkm8 allows permanent compromise of iPhones appeared first on Malwarebytes Labs.

A week in security (June 3 – 9)

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

Categories:

Tags:

(Read more…)

The post A week in security (June 3 – 9) appeared first on Malwarebytes Labs.

4 Lessons to be learned from the DOE’s DDoS attack

The Department of Energy was subject to a DDoS attack that caused major disruptions in their operations. Is the smart grid ready for such an attack? Here are the lessons we can take away from the event.

Categories:

Tags:

(Read more…)

The post 4 Lessons to be learned from the DOE’s DDoS attack appeared first on Malwarebytes Labs.

Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability

This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack—though Microsoft has released a patch. Have you updated yet?

Categories:

Tags:

(Read more…)

The post Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability appeared first on Malwarebytes Labs.

A week in security (March 4 – 11)

A roundup of cybersecurity news from March 4–11, including a Chrome zero-day, Labs’ data privacy report, news from RSA, and more.

Categories:

Tags:

(Read more…)

The post A week in security (March 4 – 11) appeared first on Malwarebytes Labs.