Fake Trezor app steals more that $1 million worth of crypto coins
Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake...
Pre-installed auto installer threat found on Android mobile devices in Germany
Users primarily located in Germany are experiencing malware that downloads and installs on their Gigaset mobile devices—right out of the...
Aurora campaign: Attacking Azerbaijan using multiple RATs
This post was authored by Hossein Jazi As tensions between Azerbaijan and Armenia continue, we are still seeing a number...
Has Facebook leaked your phone number?
Unless you keep your social media at a pole’s distance, you have probably heard that an absolutely enormous dataset—containing over...
Research claims Google Pixel phones share 20 times more data than iPhones
If you’re an Android phone user, now might be a good time to invest in a good pair of ear...
Hackers Send Fake Census Form Alerts to UK Respondents
The United Kingdom, like every other country, runs a census every ten years. The census asks residents a number of...
FBI & CISA Warns of Active Attacks on Fortinet FortiOS Servers
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a Joint Cybersecurity Advisory (CSA)...
Facebook Data Breach: How To Check If Your Details Were Leaked
By now you must have heard that the social network giant ‘Facebook’ has witnessed a very large-scale user data breach...
The data of potential borrowers of Bank Dom.RF are being sold on the Internet
The data was obtained as a result of a leak. A representative of the bank explained its vulnerability in the...
The Less Progressive but Consistent, Cycldek Threat Actors
It is somewhat usual for tools and methodologies to be allowed to share throughout the nebula of Chinese threat actors....
Burpsuite-Copy-As-XMLHttpRequest – Copy As XMLHttpRequest BurpSuite Extension
The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's XmlHttpRequest, which simplifies...
Scylla – The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc…
Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts,...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500
Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report (ICER) series. For those of you who have...
Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks
China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam....
This service allows checking if your mobile is included in the Facebook leak
Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. Security...
Experts discovered a privilege escalation issue in popular Umbraco CMS
Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to “admin.”...
Experts found critical flaws in Rockwell FactoryTalk AssetCentre
Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The...
CVE-2021-29930
Summary: An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes...
CVE-2021-29942
Summary: An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an...
CVE-2021-29941
Summary: An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an...
CVE-2021-29938
Summary: An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter...
CVE-2021-29931
Summary: An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon...
A week in security (March 29 – April 4)
Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need...
BIG-IP Vulnerability – CVE-2021-22986 – PoC
Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management...
