CVE-2021-36367
Summary: PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response....
Vulnerability in Less.js Causes Website to Leak AWS Secret Keys
Cybersecurity researchers at Canadian firm Software Secured identified a critical flaw in Less.js, a widely used preprocessor language. According to...
Russian banks to launch a system against telephone fraud
Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey...
$350,000 Stolen from Users by Fake Cryptocurrency Mining Apps
The year 2021 will be remembered as a watershed moment for cryptocurrencies. Despite its ups and downs, Bitcoin is still...
Stolen Credit Card Data Hidden in Images by Magecart Hackers for Vague Exfiltration
Magecart-affiliated cybercriminals have adopted a new approach for obfuscating malware code within comment blocks and embedding stolen credit card data...
Mint Mobile Suffered a Data Breach
The US-based telecommunication firm Mint Mobile has announced that it has suffered a data violation which has let several telephone...
Whisker – A C# Tool For Taking Over Active Directory User And Computer Accounts By Manipulating Their msDS-KeyCredentialLink Attribute
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively...
DNSrr – A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS
DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS records, it uses different...
ModiPwn flaw in Modicon PLCs bypasses security mechanisms
ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over...
Social media partially disrupted in Cuba amid anti-government protests
NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went...
American retailer Guess discloses data breach after ransomware attack
American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In...
SolarWinds fixes critical Serv-U zero-day exploited in the wild
SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it....
Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again
Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform,...
CVE-2020-7587
Summary: A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions <...
CVE-2021-1073
Summary: NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries...
CVE-2020-24149
Summary: Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in...
CVE-2020-27827
Summary: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost...
CVE-2021-20094
Summary: A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this...
Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either
Elon Musk is an incredibly popular target for scammers and spammers on social media. Attach his name to something he...
DNS-over-HTTPS takes another small step towards global domination
Firefox recently announced that it will be rolling out DNS-over-HTTPS (or DoH) soon to one percent of its Canadian users...
A week in security (July 5 – July 11)
Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski.Kaseya CEO: “The impact of this...
Four Critical Flaws Identified in Sage X3 ERP Software
Cybersecurity firm Rapid7 announced on Wednesday that it discovered four security flaws in the Sage X3 ERP software, resource, and...
15 Philips Vue Vulnerabilities Could Result in Full Takeover of the Devices
CISA has released an advisory about several vulnerabilities found in Philips Vue PACS health devices. In the hands of a...
Hackers Have Devised a New Trick to Disable Macro Security Warnings
Threat actors have found a novel method for disabling macro security warnings in malspam assaults that use non-malicious documents. Microsoft...
