Rapid7 Introduces “Active Response” for End-to-End Detection and Response
We know your cybersecurity team is facing unprecedented challenges, including new and complex attacks that exploit your remote workforce and...
Introducing VideoBytes, by Malwarebytes Labs
We have exciting news for avid readers of Malwarebytes Labs: This week, we’re launching a new, monthly video series that...
Indian Copyright Office Asks for Executable File for Website Code?
India copyright office grants a series of rights to the developer of a computer program that protects his original creation...
Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia
Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) has notified one of the largest cryptocurrency...
Cyber Security Solutions for Enterprises Launched by Bharti Airtel
Bharti Airtel Ltd recently dispatched a 'suite of cybersecurity solutions' for large, medium and small businesses as they move on...
Ryuk Ransomware Attacks Union Health Services, Disrupts Hospitals Nationwide
Universal Health Services (UHS) is shut down after a ransomware attack by hackers. Fortune 5oo organization, UHS runs a network...
SAS@Home is back this fall
The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to...
H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)
h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing...
mapCIDR – Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges
Small utility program to perform multiple operations for a given subnet/CIDR ranges. The tool was developed to ease load distribution...
Exploitability Analysis: Smash the Ref Bug Class
In April 2020, security researcher Gil Dabah published a paper on a set of vulnerabilities he had discovered within the...
Caught in the payment fraud net: when, not if?
Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny...
A new Malware that can intercept your OTP and bypass Two Factor Authentication
For most of our accounts be it Bank accounts or social media accounts, we rely on two-factor authentication and OTP...
Why master YARA: from routine to extreme threat hunting cases. Follow-up
On 3rd of September, we were hosting our “Experts Talk. Why master YARA: from routine to extreme threat hunting cases“,...
Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python
A multiprocessing approach to auditing Active Directory passwords using Python. About Lil PwnyLil Pwny is a Python application to perform...
Polypyus – Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries
Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware...
Re: Navy Federal Reflective Cross Site Scripting (XSS)
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29Good evening. Because of the nature of the software and vulnerabilities we...
CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]
Posted by Dirk-Willem van Gulik on Sep 29 (Corona) Exposure Notifications API for Apple iOS and Google Android risk of...
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey...
2021 Detection and Response Planning, Part 1: Rapid7’s Jeffrey Gardner Breaks Down How CISOs Should Approach Security Planning for the New Year
In this four-part series, we’ll explore key considerations and strategies for 2021 detection and response planning, and ways InsightIDR, Managed...
Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials
Posted by Red Timmy Security on Sep 29WP Courses is a Wordpress plugin allowing to define courses with lessons. The...
[SYSS-2020-025] DOMOS 5.8 – OS Command Injection
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Version(s): <= DOMOS 5.8 Tested...
[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...
[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)
Posted by Micha Borrmann on Sep 29Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
Regarding the semi-recent OnBase vulnerabilities
Posted by Ken on Sep 29In response to the recent OnBase v19.8.9.1000 and v18.0.0.32 vulnerability disclosures a few weeks ago,...
