CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2021-33477
Summary: rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of...
CVE-2021-1788
Summary: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur...
CVE-2021-1844
Summary: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1,...
CVE-2021-1844
Summary: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1,...
CVE-2021-1844
Summary: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1,...
The slow trend away from facial recognition technology
It’s been a busy few weeks for facial recognition technology. Its oft-maligned abilities frequently wind up in tales of privacy...
A week in security (May 24 -30)
Last week on Malwarebytes Labs we discussed VPN Android apps, how even the FBI has to deal with insider threats,...
The Ministry of Internal Affairs of Russia will launch a program for recognizing deepfakes in the fall of 2022
The scientific and industrial company "High Technologies and Strategic Systems" (HT and SS SIJSC) will develop a computer program for...
HPE Patches the Zero-Day Vulnerabiity in Systems Insight Manager Software for Windows
Hewlett Packard Enterprise (HPE) has released a security update to patch critical zero-day remote code execution (RCE) vulnerability in its...
FireEye: Transportation and Telecom Firms Being Hit in Chinese Espionage
According to security firm FireEye, a massive Chinese espionage operation against US and European government entities includes four new hacking...
APT: China-Based Threat Group Attacks Pulse Secure VPNs
Several hacker groups that are supposed to support Chinese long-term economic goals continue in the defense, high-tech, public, transportation, and...
Kaiju – A Binary Analysis Framework Extension For The Ghidra Software Reverse Engineering Suite
CERT Kaiju is a collection of binary analysis tools for Ghidra. This is a Ghidra/Java implementation of some features of...
CheeseTools – Self-developed Tools For Lateral Movement/Code Execution
This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and...
Interpol has intercepted $83 million from financial cyber crimes
Interpol has intercepted $83 million in illicit funds transferred from victims to the accounts used by crooks. An operation conducted...
These 2 attacks allow to alter certified PDF Documents
Researchers disclosed two new attack techniques that allow modifying visible content on certified PDF documents without invalidating the digital signature....
Security Affairs newsletter Round 316
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Facefish Backdoor delivers rootkits to Linux x64 systems
Qihoo 360 NETLAB spotted a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal...
FBI will share compromised passwords with HIBP Pwned Passwords
The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service....
Secure Search is a Browser Hijacker – How to Remove it Now?
Secured Search is a browser hijacker that changes your browser’s settings to promote securedsearch.com, let’s remove it. Secured Search is...
CVE-2021-21659
Summary: Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....
CVE-2021-20254
Summary: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix...
