IT NEWS

“TootRoot” Mastodon vulnerabilities fixed: Admins, patch now!

One of Twitter’s big rivals, Mastodon, recently finished fixing four issues which (in the worst case) allowed for the creation of files on the instance’s server. Mastodon, whose main selling point is lots of separate communities living on different servers yet still able to communicate, was notified of the flaws by auditors from a penetration testing company.

CVE-2023-36460 is the aforementioned “worst case”, dubbed TootRoot. If you’re not familiar with Mastodon, user posts are called “Toots” (as opposed to tweets if you’re on Twitter). As with Twitter, you’re able to post media files and this is where the problem resided.

According to Bleeping Computer, an issue with Mastodon’s media processing code meant a wide variety of problems could happen as a result. Denial of Service and arbitrary remote code execution are mentioned, with researcher Kevin Beaumont focusing on how webshells could be created on instances processing the rogue Toot.

The other vulnerabilities included cross-site scripting (XSS), potentially used to hijack accounts or impersonate others (CVE-2023-36459), and a technique used for phishing through “verified profile links” (CVE-2023-36462). The final flaw allowed for Denial of Service (DoS) through slow HTTP responses (CVE-2023-36461).

As the patches are server updates, it’s essential that Mastodon admins set about securing their servers. The issues were fixed in Mastodon versions 3.5.9, 4.0.5, and 4.1.3, so update to the fixed release of whichever branch you run. Until you do, any instance on Mastodon 3.5.0 or later should be considered at risk.

Mastodon allows for the creation of many small (typically invite only) communities catering to all manner of interests and activities. There is a possibility that any security issue on such a platform could lead to specific forms of targeted harassment of at-risk communities.

Indeed, even the Mastodon instances populated by security folks aren’t exactly out of harm’s reach. Back in November of last year, someone discovered a way to steal passwords through an HTML injection vulnerability. Unfortunately for the good folks of Infosec Exchange, the vulnerability happened to affect the Glitch fork being used by…you’ve guessed it…Infosec Exchange. As a humorous side note, the issue was discovered due to people putting a “verified” icon in their username as a dig at Twitter.

Elsewhere, a misconfigured server was found to be scraping Mastodon user data. While the data scraped was nothing spectacular, instead including things like account and display name alongside profile pictures, it was a valuable reminder to be careful about what you post online.

Thankfully lots of Mastodon admins take these risks seriously, and most major instances should already be running the required patches for the various issues which have been found over time. If you’re looking to make the leap to Mastodon yourself, you should check out our guide which leads you through everything from account creation and server sign up to posting. Happy Tooting!


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Apple issues Rapid Security Response for zero-day vulnerability

Apple has issued an update for a vulnerability which it says may have been actively exploited.

Apple’s security content for Safari 16.5.2 says the vulnerability lies in WebKit, Apple’s web rendering engine: the browser engine that powers Safari and many other apps. On iOS and iPadOS even third-party browsers have to use WebKit under the hood, so it’s no surprise that the update is available for a range of operating systems (OSs):

  • Safari 16.5.2 (macOS Big Sur and macOS Monterey)
  • Rapid Security Response iOS 16.5.1 (a) & iPadOS 16.5.1 (a) (for iOS 16.5.1 and iPadOS 16.5.1)
  • Rapid Security Response macOS Ventura 13.4.1 (a) (for macOS Ventura 13.4.1)

For most users, no action is required: Apple devices install Rapid Security Responses automatically by default. If needed, users will receive a prompt to restart their device.

Rapid Security Response (RSR) is a new type of software patch delivered between Apple’s regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes. They’re meant to make the deployment of security improvements faster and more frequent. According to an Apple notice about RSRs, the new updates “may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist ‘in the wild’.” RSR was first introduced in May of 2023.

To check whether automatic RSR installation is enabled on a Mac, open System Settings, go to General, then Software Update, open Automatic Updates, and make sure Install Security Responses and system files is turned on. On iPhone and iPad the equivalent toggle is under Settings, General, Software Update, Automatic Updates.

Note that the first attempt to patch this vulnerability, offered as iOS 16.5.1 (a), reportedly broke some websites and was pulled within hours of release. Apple then followed up with the update described here.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in this update is:

CVE-2023-37450: Processing web content may lead to arbitrary code execution. The issue was addressed with improved checks.

Apple doesn’t disclose, discuss, or confirm security issues until a patch is available and users have had a chance to apply it. What we can conclude from the description is that the bug is suited to drive-by attacks: an attacker could execute arbitrary code on the device by luring a user to a web page containing specially crafted content.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Threatening rogue finance apps removed from the Apple Store

Multiple apps have been removed from the App Store in India after a large helping of unethical behaviour was aimed at their users. TechCrunch reports that “Pocket Kash, White Kash, Golden Kash, and OK Rupee” among others were taken down after getting close to the top 20 finance app listing spots. The reason? These finance apps came with dubious charges and a chilling line in blackmail and threatening behaviour.

Here’s a user review from a month or so ago:

“I borrowed an amount in a helpless situation and […] a day before repayment due date I got some messages with my pic and my contacts in my phone saying that repay your loan otherwise they will inform our contacts that you r not paying loan.”

While this sets the scene for the behaviour which ultimately had the apps taken down, worse was still to come.

Someone reached out to an individual working in media with a very disturbing message about one of the apps. In it, their friend’s sister took out a loan and was then threatened with “her nude pics” being sent to her contacts. The nudes weren’t real: they had been “morphed”, according to the sender. We assume this means deepfakes, which are notoriously easy to create via specialist websites or apps.

Some of the apps were also impersonating legitimate app developers, which means lots of time and hassle spent trying to prove that they’re not involved. This is a common scam, so much so that large lists have been compiled of apps suspected of being involved in this particular tactic of blackmail and threatening behaviour.

Back in March, “seven entities and five individuals” were charged in a similar case where an individual was threatened after taking out a loan. Obscene and intimidating messages were sent to the victim by SMS, apps, and phone calls along with threats to upload photographs to adult websites.

Meanwhile, a growing number of faked nude photos are ending up in the news in connection with these bogus finance apps. Sadly, there are also reports of some victims taking their own lives after becoming caught up in these frauds. In the case reported there, the fake finance apps were on the Google Play store: the bogus developers are clearly casting as wide a net as possible in their quest for ill-gotten gains. In some cases, scammers impersonate senior law enforcement officers on rogue websites to make the scam even more convincing.

Apple has pulled “at least” half a dozen apps, but it’s clear that this is a bit of a booming industry and will take a lot of work to stamp out completely. If you’re thinking about taking out a loan via an app, it’s worth taking the time to research which companies are legitimate and take things from there. Check the reputation of the organisation, read those reviews, and find out what level of cover is available from both the store and lender should things go wrong. Do your best to ensure everything is above board before committing to anything, as this definitely isn’t something you want to become tangled up in.



MOVEit Transfer fixes three new vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about three new vulnerabilities in Progress Software’s MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information.

In the advisory, CISA encouraged users to review Progress’ MOVEit Transfer article and apply the updates.

The MOVEit file transfer software has been making headlines over the last two months. Earlier vulnerabilities in the software have been used by the Cl0p ransomware gang to claim hundreds of victims, and new victim names are published on the Cl0p leak site every single day.

Since the alarm was first raised, the software has been under scrutiny and more vulnerabilities have since been found. This, unfortunately, is not unexpected, and no doubt many software packages would reveal vulnerabilities with so many researchers looking at them.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in this update are:

CVE-2023-36934 (Critical): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE-2023-36932 (High severity): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE-2023-36933 (High severity): In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.
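The two SQL injection CVEs above both come down to the same bug class: untrusted request input ends up inside the SQL text, so whoever controls the parameter controls the query. The following is an added illustration of that class and its fix, not MOVEit Transfer’s code: the table names, the “token” lookup, the sample rows and the attacker payloads are all constructed for the demo, and nothing here reproduces the actual MOVEit endpoint or payloads.

```python
"""Added example: the SQL injection bug class behind CVE-2023-36934/36932.

Illustrative only. The tables, the 'token' lookup and the sample rows are
constructed; this is not MOVEit Transfer's code or its real endpoint.
"""
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE files (name TEXT NOT NULL, token TEXT NOT NULL);
        CREATE TABLE users (username TEXT NOT NULL, password_hash TEXT NOT NULL);
        INSERT INTO files VALUES ('report.pdf', 'tok-123'), ('payroll.xlsx', 'tok-456');
        INSERT INTO users VALUES ('admin', 'pbkdf2$constructed-sample-hash');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, token: str) -> List[Row]:
    """Anti-pattern: the request parameter is spliced into the SQL text.

    An unauthenticated caller controls 'token', so they also control the query:
    a quote ends the string literal and the rest is parsed as SQL.
    """
    query = f"SELECT name, token FROM files WHERE token = '{token}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, token: str) -> List[Row]:
    """Fix: a parameterised query. The driver passes the value separately from
    the SQL text, so quotes and keywords inside 'token' are data, never SQL."""
    return conn.execute(
        "SELECT name, token FROM files WHERE token = ?", (token,)
    ).fetchall()


# Constructed attacker inputs for the 'token' parameter.
PAYLOAD_BYPASS = "' OR '1'='1"  # predicate always true: returns every file row
PAYLOAD_UNION = "x' UNION SELECT username, password_hash FROM users --"  # reads another table


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, legit token :", lookup_vulnerable(db, "tok-123"))
    print("vulnerable, bypass      :", lookup_vulnerable(db, PAYLOAD_BYPASS))
    print("vulnerable, union       :", lookup_vulnerable(db, PAYLOAD_UNION))
    print("safe, bypass            :", lookup_safe(db, PAYLOAD_BYPASS))
    print("safe, union             :", lookup_safe(db, PAYLOAD_UNION))
```

The UNION payload is the “disclosure of database content” case from the CVE text: the attacker never authenticates, yet the vulnerable lookup hands back a row from a table the endpoint was never meant to touch. The “modification” case (stacked `; UPDATE ...` statements) depends on whether the database driver accepts multiple statements per call; Python’s sqlite3 refuses them, which is why it is not shown here.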

If you are on the 2020.1 (12.1) branch, make sure you are running MOVEit Transfer 2020.1.6 (12.1.6) or later before applying the fix, and follow the instructions in the Progress MOVEit article. Note that the fixed-version list for CVE-2023-36933 starts at 2021.0.9 (13.0.9); the 2020.1.x branch is not listed for that CVE.
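Both this article and the TootRoot one above list fixes per release branch (Mastodon 3.5.9 / 4.0.5 / 4.1.3; MOVEit 2020.1.11 through 2023.0.4), and that is exactly where a naive “am I above the fixed version?” check goes wrong: 4.0.4 is numerically above 3.5.9 but still vulnerable. The following added example, which is not Mastodon’s or Progress’ own tooling, compares an installed version with the fixed release of its own branch. The fixed-version tables are the ones stated on this page; the sample /api/v1/instance response is constructed, and MOVEit’s version is taken as a string you read from the admin console.

```python
"""Added example: branch-aware patch-status check for the Mastodon and MOVEit
fixes named on this page. Not vendor tooling; the sample JSON is constructed."""
import json
import re
from typing import Iterable, Optional, Tuple

Version = Tuple[int, ...]

# Fixed releases named on this page, one per maintained release branch.
MASTODON_FIXED = ("3.5.9", "4.0.5", "4.1.3")
MASTODON_FIRST_AFFECTED = "3.5.0"  # page: 3.5.0 and later at risk
MOVEIT_FIXED = ("12.1.11", "13.0.9", "13.1.7", "14.0.7", "14.1.8", "15.0.4")  # CVE-2023-36934/36932


def parse_version(text: str) -> Version:
    """'4.1.2', '4.1.2+glitch' or '15.0.3' -> (4, 1, 2) / (15, 0, 3).

    Anything after the numeric dotted prefix (fork tags, rc labels) is dropped.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def patch_status(installed: str, fixed: Iterable[str],
                 first_affected: Optional[str] = None) -> str:
    """Compare an installed version with the fixed release of its own branch.

    The branch is every component but the last (3.5, 4.0, 15.0, ...). A version
    on a branch with no listed fix gets its own answer rather than a guess.
    """
    v = parse_version(installed)
    if first_affected is not None and v < parse_version(first_affected):
        return "not affected"
    for f in fixed:
        fv = parse_version(f)
        padded = v + (0,) * max(0, len(fv) - len(v))  # '4.1' -> (4, 1, 0)
        if padded[: len(fv) - 1] == fv[:-1]:          # same release branch
            return "patched" if padded[: len(fv)] >= fv else "vulnerable"
    return "no fix listed for this branch"


def mastodon_instance_status(instance_json: str) -> str:
    """Feed in the body of GET /api/v1/instance, a public unauthenticated
    endpoint whose 'version' field reports the running Mastodon release."""
    version = json.loads(instance_json)["version"]
    return patch_status(version, MASTODON_FIXED, MASTODON_FIRST_AFFECTED)


# Constructed sample response; a real one carries many more fields.
SAMPLE_INSTANCE = json.dumps({"uri": "example.social", "version": "4.1.2+glitch"})


if __name__ == "__main__":
    print("example.social :", mastodon_instance_status(SAMPLE_INSTANCE))
    for v in ("3.4.8", "3.5.8", "4.0.5", "4.2.0"):
        print(f"Mastodon {v:7}:", patch_status(v, MASTODON_FIXED, MASTODON_FIRST_AFFECTED))
    for v in ("12.1.6", "15.0.3", "15.0.4"):
        print(f"MOVEit {v:9}:", patch_status(v, MOVEIT_FIXED))
```

Two caveats the check cannot settle for you: a fork suffix such as “+glitch” is stripped, and the upstream number alone does not tell you whether that fork has backported the fix; and a branch that returns “no fix listed for this branch” (a Mastodon 4.2 pre-release, or MOVEit 2020.1.x for CVE-2023-36933) needs a look at the vendor advisory rather than an assumption either way.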

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Warning issued over increased activity of TrueBot malware

In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have warned about newly identified TrueBot malware variants used against organizations in the US and Canada.

As we reported in our May 2023 ransomware review, ransomware groups like Cl0p gain access to a network and then sneakily deploy TrueBot malware and a Cobalt Strike beacon to infiltrate and creep around, grabbing data along the way.

At its core, TrueBot is a Trojan downloader. Besides gathering system information, it can download and execute additional payloads, which makes it ideal for initial access broker (IAB) groups that want to plant a backdoor on a system and do some basic reconnaissance of the network. For that purpose, recent versions of TrueBot collect a screenshot, the computer name, the local network name, and Active Directory trust relationships. Trust relationships allow organizations to share users and resources across domains, so they tell an intruder which other domains are reachable from the one they have landed in.

Previous TrueBot malware variants were primarily delivered by cybercriminals via malicious phishing email attachments. Newer versions allow cyber threat actors to also gain initial access through exploiting CVE-2022-31199, a remote code execution vulnerability in the Netwrix Auditor application. This allows the attacker to deploy the malware at scale within the compromised environment. Through exploitation of this CVE, cybercriminals can gain initial access, as well as the ability to move laterally within the compromised network.

The advisory explains how TrueBot has been observed in association with:

  • Raspberry Robin: a wormable malware with links to other malware families and various infection methods, including installation via USB drive.
  • FlawedGrace: a remote access tool (RAT) that can receive incoming commands [T1059] from a C2 server, which is typically deployed minutes after TrueBot malware is executed.
  • Cobalt Strike: a collection of threat emulation tools cybercriminals use for persistence and data exfiltration purposes.
  • Teleport: a custom data exfiltration tool.

In a separate malware analysis report, interested parties can find a comprehensive analysis of a recently discovered TrueBot executable.

Malwarebytes blocks the download URLs and detects Truebot as Malware.AI.{id.nr.}. Cl0p ransomware is detected as Malware.Ransom.Agent.Generic. But obviously prevention is better than remediation. The Malwarebytes web protection module blocks the C2 servers mentioned in the Malware Analysis Report.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Malwarebytes Browser Guard introduces three new features

Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this while also identifying and stopping tech support scams. 

An often-heard misconception is that Browser Guard is unnecessary if you already have Malwarebytes Premium or a firewall. But because Browser Guard runs as a browser extension, it can protect the browser in ways that other layers of protection, which have no view inside it, cannot.

[Screenshot: the new Browser Guard dashboard]

This is also true the other way around: It can only protect the browsers that have it installed as an extension. It can’t protect other parts of the system or other applications. So while there is an overlap, you need both to optimize protection.

New features

The Malwarebytes engineers have been hard at work to make Browser Guard even better, and we can now announce three new features for Premium users:

  • Content Control: With this, you can dial up your control of your browsing experience and define what’s appropriate for you. Fully customize the content you want to block while you – or your kids – are browsing.
  • Import and Export: Use your preferences and customized rules in all your browsers, even on other devices, for a consistent and clean web experience. A video shows how to transfer Malwarebytes Browser Guard settings to another browser.
  • Historical Detection Statistics: View past detections and see what we’ve protected you from.  

[Screenshot: the new historical detection statistics feature]

Please note that these new features are only available for Windows systems.

A week in security (July 3 – 9)

Last week on Malwarebytes Labs:

Stay safe!



Solar monitoring systems exposed: Secure your devices

Researchers who go looking for devices exposed to the Internet report “tens of thousands” of solar photovoltaic (PV) monitoring and diagnostic systems can be found on the web. The systems are used for everything from system optimization to performance monitoring and troubleshooting.

No fewer than 134,000 products from an assortment of vendors were found to be exposed, though as Bleeping Computer notes, this does not necessarily mean they’re all vulnerable right now.

However, new vulnerabilities are discovered all the time, and anything attached to the Internet when a vulnerability is discovered represents a serious risk (at least some of the products on display have been affected by vulnerabilities in the past). Devices left exposed online can lead to all manner of other issues too, whether it’s people poking around to get an idea of how your systems work or directly tampering with them; it’s almost never good.

While many of the currently discovered devices may not be vulnerable to a remote takeover, there may be enough information to hand to figure out some of the workings of the systems in question.

Indeed, the research highlights that around 7,000 devices belonging to one particular brand are in the list. A separate report linked by Bleeping Computer found 425 examples of said device making use of a firmware version known to be vulnerable to attack. As per said report, which cleverly makes use of a copyright string on the product’s landing page to work out which versions are vulnerable:

It turns out that less than one third of the internet-facing SolarView series systems are patched against CVE-2022-29303.

This, in addition to mention of other issues affecting this brand of device like being able to upload PHP web shells (allowing for remote access), does not make for great reading. Especially when we consider that this is just one product, while the products left exposed include:

Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronius Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI.

Exposed devices can end up being a pretty serious issue. Even in cases where the device isn’t exposed online, things can still go awry. A few years back, Australia’s early warning network was compromised (most likely by a targeted phishing attack) and messages galore were fired out by SMS, email, and phone announcing that the service had been hacked.

Road signs and other forms of public communication are often found wanting in the security stakes. It’s such a problem that it’s not unusual to see the Department of Homeland Security issuing warnings about the need to update Emergency Warning Systems. Last August, FEMA was similarly banging the drum for the swift application of software updates.

If you’re responsible for deploying any of the above systems, it may well be beyond time to check what (if anything) is exposed online and whether or not you need to start patching.



How kids pay the price for ransomware attacks on education

Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it’s often students’ and patients’ data that’s leaked if the ransom demand isn’t met.

We have to wonder how greedy any person would need to be to show such a blatant disregard for how painful sharing that kind of information can be.

In our recent report on the state of ransomware in education we saw an 84% increase in known attacks on the education sector.

[Chart: known ransomware attacks against education, June 2022-May 2023]

And, while ransomware attacks against education are a global phenomenon, the USA and the UK saw far higher rates of attacks than other countries.

Although the attacks were carried out by a large number of different ransomware gangs, one in particular stood out: Vice Society. The Vice Society ransomware gang specializes in attacking education, with almost half of its known activity (43%) directed against the sector—almost ten times the average for ransomware groups.

Vice Society has also been known to take their demands directly to college students (we talked about this tactic in the case of the University of Manchester.)

The documents stolen from schools and dumped online by ransomware gangs can contain very private information that goes beyond what we normally see in leaked files. But apparently it’s getting harder to convince victims to pay the ransom, so the cybercriminals are trying new tactics.

What they seem to forget, or not care about, is that they are not just extorting money from institutions, but ruining young lives in the process.

An Associated Press article talked to the families of six students who had their sexual assault case files exposed by a ransomware gang. The leaking of private records like that on both the Dark Web and the open Internet could have a lasting impact on those young people long after their school has recovered from the attack.

The ransomware groups are to blame, of course, but the education sector can improve a few things to lessen the impact of a ransomware attack.

It’s prudent to assume that at some point your organisation will fall victim to a ransomware attack. That being the case, it might be better to resort to paper records for highly sensitive information, or to store it securely encrypted on a non-networked system.

It also seems to be a problem to inform the students and their family about what has happened and what might have been stolen. The families contacted by AP said they first learned about the leaked information from the journalist instead of from the school.

Another matter to consider is the fact that identity thieves sometimes target children because the crime can go undetected for years, often until the child applies for their first loan or credit card. Even more reason for schools to inform the families of students about stolen data.

As a Vice Society representative wrote in an email to students of a victimized school:

“Additionally all of your SSN and Medical records will be put for sale, for every hacker to gain access and use your data in whatever illegal activity they want. To us, this is a normal business day. For you, it’s a sad day where everyone will see your personal and private info.”

Which goes to show that appealing to their decency is likely to fall on deaf ears, so the best defense is protection.



Update Android now! Google patches three actively exploited zero-days

In July’s update for the Android operating system (OS), Google has patched 43 vulnerabilities, three of which are actively exploited zero-day vulnerabilities.

The security bulletin notes that there are indications that these three vulnerabilities may be under limited, targeted exploitation.

If your Android phone is at patch level 2023-07-05 or later, the issues discussed below have been fixed. Updates have been made available for Android 10, 11, 12, 12L and 13. Android partners are notified of all issues at least a month before publication; however, that doesn’t always mean patches are available for devices from every vendor by the time the bulletin is published.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs listed as actively exploited are:

CVE-2023-26083: a memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

ARM was warned about this vulnerability on March 31, 2023 and stated:

“There is evidence that this vulnerability may be under limited, targeted exploitation.”

CVE-2021-29256: The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Both of the above vulnerabilities are in the Arm Mali GPU kernel driver; Mali is the graphics processor in many Android phones. Arm had already issued patches for both, and Google has now included them in this month’s Android update.

CVE-2023-2136: An integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

This vulnerability is affecting the Skia 2D graphics library used in Android systems. Skia is an open source 2D graphics library for drawing Text, Geometries, and Images.

Note that the Skia bug is a sandbox escape: it requires an attacker who has already compromised the renderer process. A plausible chain is an initial renderer bug, the Skia flaw to escape the sandbox, and then one of the Mali driver bugs to gain kernel-level control and complete a device takeover.

Another vulnerability that caught our eye was CVE-2023-21250: a critical vulnerability in the System component that could lead to remote code execution, with no additional execution privileges needed and no user interaction required for exploitation. Further details were not revealed, to give users a chance to install the patch first.

