US CISA orders federal agencies to fix Log4Shell by December 24th
US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US...
Kronos crippled by ransomware, service may be out for weeks
Human resources platform provider UKG has put out a statement saying it’s fallen prey to ransomware that has disrupted the...
CVE-2019-20839
Summary: libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. Reference Links(if available): https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1...
CVE-2019-20840
Summary: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in...
CVE-2020-14396
Summary: An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Reference Links(if available): https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553...
CVE-2020-14397
Summary: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Reference Links(if available): https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0...
CVE-2020-14398
Summary: An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c....
Jektor – A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses
This utility focuses on shellcode Anti-virus detection?:Pre-pending a set of NOPs to a Msfvenom XOR encrypted shellcode payload while using...
CVE-2016-6664 – Oracle / MySQL – Race condition
Summary: CVE-2016-6664 is a race condition vulnerability impacting multiple versions of Oracle MySQL. An exploit was observed in open source...
Google fixed the 17th zero-day in Chrome since the start of the year
Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address...
TinyNuke banking malware targets French organizations
The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and...
CVE-2021-44228 vulnerability in Apache Log4j library
CVE-2021-44228 summary Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library...
US-CERT Bulletin (SB21-347):Vulnerability Summary for the Week of December 6, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation
Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s...
Haptyc – Test Generation Framework
Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder....
Spear phish, whale phish, regular phish: What’s the difference?
There are many types of phishing attack nowadays, to the extent it can be tricky to keep up with them...
CVE-2021-43982
Summary: Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker...
CVE-2021-37861
Summary: Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. Reference Links(if...
CVE-2021-40578
Summary: Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free...
CVE-2021-40860
Summary: A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an...
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues....
A week in security (Dec 6 – 12)
Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekendClick “OK” to defeat MFAFake...
FiddleZAP – A Simplified Version Of EKFiddle For OWASP ZAP
FiddleZAP is a simplified version of There are 2 Select the following parameters:It now shows under standalone: Passive RulesNext, install the...
Log4Shell was in the wild at least nine days before public disclosure
Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few...
