U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Malwarebytes is working hard to fix flaws in its antivirus

The Antivirus firm Malwarebytes is spending a significant effort to fix serious vulnerabilities in its defense solution that was reported by the experts at the Google’s Project Zero team. The Antivirus firm Malwarebytes is spending a significant effort to fix serious vulnerabilities in its defense solution that was reported by the experts at the Google’s […]

Malwarebytes is working hard to fix flaws in its antivirus

The Antivirus firm Malwarebytes is spending a significant effort to fix serious vulnerabilities in its defense solution that was reported by the experts at the Google’s Project Zero team.

The Antivirus firm Malwarebytes is spending a significant effort to fix serious vulnerabilities in its defense solution that was reported by the experts at the Google’s Project Zero team.

The experts at Project Zero discovered that updates for Malwarebytes Antivirus were not digitally signed or downloaded over a secure HTTP connection, opening the user to Man-In-The-Middle attacks. An attacker could manipulate the updates hacking the Antivirus solutions.

Google Project Zero reported the vulnerabilities to Malwarebytes in November, waiting for 90 days before publicly disclosing the vulnerability.

malwarebytes anti-malware

The experts at Malwarebytes were not able to solve the problem in the 90-day period, so the researcher Tavis Ormandy published the details of the security issue.

“Malwarebytes fetches their signature updates over HTTP, permitting a man-in-the-middle attack,” he explained in a blog post.

“Therefore, this scheme is not sufficient to prevent tampering, and the developer should sign them. There are numerous simple ways to turn this into code execution, such as specifying a target file in the network configuration, writing a new TXTREPLACE rule to modify configuration files, or modifying a registry key with a REPLACE rule.”

The Chief executive at MalwareBytes, Marcin Kleczynski, admitted the difficulties in solving the problem, preannouncing many other weeks to fix the problem.

“In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware. Within days, we were able to fix several of the vulnerabilities server-side and are now internally testing a new version (2.2.1) to release in the next 3-4 weeks to patch the additional client-side vulnerabilities. At this time, we are still triaging based on severity.” he said in a blog post. The research seems to indicate that an attacker could use some of the processes described to insert their own code onto a targeted machine. Based on the findings, we believe that this could only be done by targeting one machine at a time.” .

Kleczynski took the opportunity to launch the Malwarebytes Bug Bounty program which will help the company to early discover any flaw in their software and to “encourage other security researchers to responsibly disclose vulnerabilities in Malwarebytes software.”

“I’d also like to take this opportunity to apologise. While these things happen, they shouldn’t happen to our users.”

Pierluigi Paganini

(Security Affairs – Malwarebytes, Antivirus )