cisa – Page 2 – PossibleThreat Articles

MalwareBytes Security

Zimbra issues awaited patch for actively exploited vulnerability

July 28, 2023 0 Comments cisa, cve-2023-0464, cve-2023-38750, Exploits and vulnerabilities, jsp, news, tag, xml, XSS, zcs, zimbra

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zimbra

Tags: ZCS

Tags: CVE-2023-38750

Tags: CISA

Tags: CVE-2023-0464

Tags: TAG

Tags: XSS

Tags: JSP

Tags: XML

Tags:

Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files.

(Read more…)

The post Zimbra issues awaited patch for actively exploited vulnerability appeared first on Malwarebytes Labs.

MalwareBytes Security

Reducing your attack surface is more effective than playing patch-a-mole

June 22, 2023 0 Comments bod 23-02, cisa, cve-2023-20887, cve-2023-27992, internet exposed, management interfaces, news, Vulnerabilities

Categories: News

Tags: CISA

Tags: BOD 23-02

Tags: Internet exposed

Tags: management interfaces

Tags: vulnerabilities

Tags: CVE-2023-27992

Tags: CVE-2023-20887

There is a lot to be said for the strategy of shielding management interfaces from public internet access

(Read more…)

The post Reducing your attack surface is more effective than playing patch-a-mole appeared first on Malwarebytes Labs.

MalwareBytes Security

LockBit ransomware advisory from CISA provides interesting insights

June 15, 2023 0 Comments cisa, lockbit, news, raas, Ransomware, stats

Categories: News

Categories: Ransomware

Tags: CISA

Tags: LockBit

Tags: stats

Tags: RaaS

A joint advisory published by CISA, the FBI and many others shows some interesting stats that align with data found by Malwarebytes.

(Read more…)

The post LockBit ransomware advisory from CISA provides interesting insights appeared first on Malwarebytes Labs.

Independent Krebs Security

CISA Order Highlights Persistent Risk at Network Edge

June 15, 2023 0 Comments adam boileau, barracuda networks, cisa, cve-2023-27997, cybersecurity and infrastructure security agency, fortinet, fortra, goanywhere, Latest Warnings, mandiant, moveit transfer, patrick gray, progress software, risky business podcast, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

MalwareBytes Security

A week in security (May 22-28)

May 29, 2023 0 Comments #chatgpt, Apple, blackbasta, cisa, Cisco, Google, Insider Threat, malvertising, news, pentagon explosion, ransomware guide, rheinmetall, Wordpress, zyxel

Categories: News

Tags: Cisco

Tags: Zyxel

Tags: ChatGPT

Tags: Malvertising

Tags: Apple

Tags: Google

Tags: insider threat

Tags: Pentagon explosion

Tags: CISA

Tags: ransomware guide

Tags: Rheinmetall

Tags: BlackBasta

Tags: WordPress

A list of topics we covered in the week of May 22- 28 of 2023

(Read more…)

The post A week in security (May 22-28) appeared first on Malwarebytes Labs.

MalwareBytes Security

CISA updates ransomware guidance

May 24, 2023 0 Comments cisa, Cloud, compromised, guide, mdr, news, Ransomware, stopransomware, zta

Categories: News

Categories: Ransomware

Tags: CISA

Tags: StopRansomware

Tags: guide

Tags: ZTA

Tags: compromised

Tags: cloud

Tags: MDR

CISA has updated its #StopRansomware guide to account for changes in ransomware tactics and techniques.

(Read more…)

The post CISA updates ransomware guidance appeared first on Malwarebytes Labs.

MalwareBytes Security

Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs

May 15, 2023 0 Comments 163.123.142.146, andoryubot, cisa, cve-2023-25717, Exploits and vulnerabilities, news, ruckus

Categories: Exploits and vulnerabilities

Categories: News

Tags: Ruckus

Tags: CISA

Tags: AndoryuBot

Tags: CVE-2023-25717

Tags: 163.123.142.146

CISA has added a Ruckus vulnerability being abused by the AndoryuBot botnet to its catalog.

(Read more…)

The post Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs appeared first on Malwarebytes Labs.

MalwareBytes Security

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

May 3, 2023 0 Comments cisa, cve-2021-45046, cve-2023-1389, cve-2023-21839, Exploits and vulnerabilities, news, oracle, reverse shell, weblogic

Categories: Exploits and vulnerabilities

Categories: News

Tags: Oracle

Tags: WebLogic

Tags: CVE-2023-21839

Tags: CVE-2023-1389

Tags: CVE-2021-45046

Tags: CISA

Tags: reverse shell

An easy to exploit vulnerability in Oracle WebLogic Server has been added to the CISA list of things you really, really need to patch.

(Read more…)

The post Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited” appeared first on Malwarebytes Labs.

MalwareBytes Security

Pre-ransomware notifications are paying off right from the bat

April 4, 2023 0 Comments cisa, emotet, irs, jcdc, mdr, news, pre-ransomware notifications, Ransomware

Categories: News

Categories: Ransomware

Tags: pre-ransomware notifications

Tags: JCDC

Tags: CISA

Tags: ransomware

Tags: IRS

Tags: Emotet

Tags: MDR

CISA has published the first results of its pre-ransomware notifications that were introduced at the start of 2023. And they appear to be working.

(Read more…)

The post Pre-ransomware notifications are paying off right from the bat appeared first on Malwarebytes Labs.

Security Sophos

S3 Ep125: When security hardware has security holes [Audio + Text]

March 9, 2023 0 Comments bust, cisa, Cryptography, Law & order, Naked Security Podcast, Podcast, Ransomware, tpm, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 09 Mar 2023 18:58:21 +0000

Lastest episode – listen now! (Full transcript inside.)