CVE-2020-14987
Summary: An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary...
Summary: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands...
Summary: IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required,...
Summary: The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker...
The so-called “mastermind” behind the 2020 Twitter hack that compromised the accounts of several celebrities and public figures—including President Barack...
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks”...
Every year, I take part in talks for universities and schools. The theme is often breaking into infosec. I give...
DeFi platforms PancakeSwap and Cream Finance cautioned clients on Monday that they were hit by domain name system (DNS) hijackings....
The private information of thousands of Israelis was compromised on Saturday following a cyberattack on the database of a major...
A new study published last Monday, 8th March, cautioned that financial and banking institutions in India have been...
SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration...
Powerful Telegram Members Scraping and Adding Toolkit. Features: ADDS IN BULK; Scrapes and adds to public groups; Works in Windows systems...
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront...
Microsoft released the Exchange On-premises Mitigation Tool (EOMT) for small businesses to fix ProxyLogon vulnerabilities. On March...
Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a...
The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international...
Summary: Microsoft Visio Security Feature Bypass Vulnerability Reference Links (if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055 CVSS Score (if available) v2: / MEDIUM v3: /...
Summary: Windows 10 Update Assistant Elevation of Privilege Vulnerability Reference Links (if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070 CVSS Score (if available) v2: / MEDIUM...
Summary: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896. Reference Links (if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063 CVSS...
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27054. Reference Links (if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053 CVSS Score...
Summary: In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to...
The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden,...
Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery...
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we...