Sunspot, the third malware involved in the SolarWinds supply chain attack
Cybersecurity firm CrowdStrike announced to have discovered a third malware strain, named Sunspot, directly involved in the SolarWinds supply chain...
Bitdefender releases free decrypter for Darkside ransomware
Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the...
Ubiquiti discloses a data breach
American technology company Ubiquiti Networks is disclosed a data breach and is notifying its customers via email. American technology vendor...
Connecting the dots between SolarWinds and Russia-linked Turla APT
Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts...
CVE-2021-21116
Summary: Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap...
CVE-2020-16021
Summary: Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised...
CVE-2017-20001
Summary: The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027....
CVE-2020-36154
Summary: The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE"...
CVE-2020-36161
Summary: An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems,...
A week in security (January 4 – January 10)
Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents...
Bug Bounty API Key Testing CheatSheet
Arrrrgh, Bug Bounty! Slack Webhook If the below command returns missing_text_or_fallback_or_attachments, it means that the URL is valid, any other responses...
JetBrains – A possible Doorway to Massive Hacking Plot?
JetBrains a software company based in the Czech Republic could possibly be used as a doorway by Russian hackers to...
Singapore Witnessed a Sudden Surge in the Bank-Related Phishing Scam
Phishing emails are scams where the actors try to befool the user by sending emails that may concern the user....
Parler on the Verge of Permanent Expulsion
Launched in 2018, Parler has become a place of refuge for individuals that have been prohibited or suspended by popular...
Sunburst backdoor – code overlaps with Kazuar
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure...
pongoOS – A Pre-Boot Execution Environment For Apple Boards
A pre-boot execution environment for Apple boards built on top of checkra1n.Building on macOSInstall Xcode + command-line utilities make clean...
Wprecon – A Vulnerability Recognition Tool In CMS WordPress, 100% Developed In Go
Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.Notice:Why is the project...
Russian hacker Andrei Tyurin sentenced to 12 years in prison
A U.S. court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in...
Experts found gained access to the Git Repositories of the United Nations
Researchers obtained gained access to the Git Repositories belonging to the United Nations, exposing staff records and credentials. The research...
Source code for malware that targets Qiui Cellmate device was leaked online
The source code for the ChastityLock ransomware that was used in attacks aimed at the users of the Qiui Cellmate...
It is time to re-evaluate Cyber-defence solutions
Security expert Stefan Umit Uygur, CEO and Co-Founder at 4Securitas Ltd, provided his vision about the Cyber-defence solutions on the...
CVE-2020-16023
Summary: Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap...
CVE-2020-17519
Summary: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read...
CVE-2018-25002
Summary: uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not...
