Experts warn of active exploitation of SonicWall zero-day in the wild
Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security...
Google discloses a severe flaw in widely used Libgcrypt encryption library
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code...
Exploiting a bug in Azure Functions to escape Docker
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them....
CVE-2020-28403
Summary: A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change...
CVE-2021-20187
Summary: It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators...
CVE-2020-23162
Summary: Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read...
CVE-2021-21259
Summary: HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an...
CVE-2020-11179
Summary: Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in...
Pixlr – 1,906,808 breached accounts
In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included...
A week in security (January 25 – January 31)
January 28 was Data Privacy Day, but for Malwarebytes Labs, it was Data Privacy Week. As such, we’re packed with...
‘Android Worm’ Malware is Spreading Via WhatsApp User Contact List
Security expert Lucas Stefanko unearthed the malware known as ‘Android Worm’. Threat actors are using this malware as a weapon...
Google Researcher Groß Identifies the BlastDoor Device in Apple iOS 14
Last year, Apple rolled out iOS 14 with many new features, tighter privacy laws, and elements that make the iPhone...
MOSE – Post Exploitation Tool For Configuration Management Servers.
MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies...
OpenCVE – CVE Alerting Platform
OpenCVE, formerly known as Saucs, is a platform used to locally import the list of CVEs and perform searches on...
Experts explain how to bypass recent improvement of China’s Great Firewall
Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members...
Security Affairs newsletter Round 299
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs
The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and...
UScellular data breach: attackers ported customer phone numbers
US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported....
UK Research and Innovation (UKRI) discloses ransomware attack
A ransomware infected the systems at the UK Research and Innovation (UKRI), at leat two services were impacted. The UK...
CVE-2017-13750
Summary: There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to...
CVE-2017-13751
Summary: There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to...
CVE-2017-13752
Summary: There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to...
CVE-2020-27828
Summary: There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an...
CVE-2020-35965
Summary: decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform...
