Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain...
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
This blog post was co-authored by Scott King, Brian Carey, and Justin Berry.Overview of business impact and implications of CVE-2020-6287This...
SIGRed – CVE-2020-1350 – Wormable DNS
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows...
Stalkerware advertising ban by Google a welcome, if incomplete, step
On Friday, July 10, Google announced it would no longer allow advertising for spyware and similar surveillance technology—often referred to...
X64Dbg – An Open-Source X64/X32 Debugger For Windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the...
Unlocking the Power of Macro Authentication in Application Security: Part Three
This blog post is part three of our three-part series on macro authentication. Be sure to catch up on part...
The Tetrade: Brazilian banking malware goes global
Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is...
5 Best Smart Home Hubs 2020
What once seemed like science fiction is now a reality: we are building smart homes. However, the more smart devices...
More Chinese tax software found to dish out backdoor malware
A second tax software program associated with the Chinese banking industry has now been found to contain an embedded backdoor...
A week in security (July 6 – 12)
Last week on Malwarebytes Labs, we took an in-depth look at card skimmers targeting ASP sites, we released another episode...
Telegraph service was unblocked in Russia
Russia stopped blocking the popular Telegram messenger almost a month ago. However, the related Telegraph service continued to be blocked....
Zoom Zero-Day Allowed Remote Code Execution, Patch Issued
Video and audio conferencing software, Zoom patched a zero-day vulnerability that was affecting users running old versions of Windows: Windows...
Trojans, Backdoors and Droppers the Top Three Malware Globally?
According to a few recent surveys and analysis conducted by some well-known and influential cybersecurity agencies, there are approximately 3...
How Content Abuse is giving rise to online Frauds, explains SIFT
A report from Sift on 'Content Abuse and the Fraud Economy' explores the rising arena of online frauds and content...
DroneSploit – Drone Pentesting Framework Console
This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on...
Padding-Oracle-Attacker – CLI Tool And Library To Execute Padding Oracle Attacks Easily
CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.InstallMake...
Citizen Science and Medical Consumerism: Confronting the Tech Wisdom Gap in Modern Healthcare
In our latest episode of Security Nation, we spoke with Nina Alli, executive director of the Biohacking Village, to discuss...
Rapid7 joins CFAA brief to the Supreme Court
Rapid7 joined a brief to the US Supreme Court on the chilling effect of the overbroad Computer Fraud and Abuse...
Azerbaijani hackers obtained information from the Armenian Ministry of Defense
Passport data of several hundred Armenian citizens, including military personnel, as well as documents related to the Republic's military units,...
The Need for Smart Cities in the Post-Pandemic World
Due to coronavirus pandemic, there has been a lockdown worldwide, and it seems, the streets and the normal life has...
Debotnet – A Tiny Portable Tool For Controlling Windows 10’s Many Privacy-Related Settings And Keep Your Personal Data Private
A free and portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private.Your preparation for...
Santa – A Binary Whitelisting/Blacklisting System For macOS
Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension (or a system extension on macOS...
Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications
As people across the world struggle to survive the onslaught of the corona pandemic by switching to the work-from-home criteria,...
FinDOM-XSS – A Fast DOM Based XSS Vulnerability Scanner With Simplicity
FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast...
