PwnedPiper flaws in PTS systems affect 80% of major US hospitals
Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper, that left a widely-used pneumatic tube system (PTS) vulnerable to attacks. Researchers from...
CVE-2021-35516
Summary: When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally...
CVE-2021-35517
Summary: When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally...
CVE-2021-36090
Summary: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally...
CVE-2020-22283
Summary: A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to...
CVE-2021-1600
Summary: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from...
A week in security (July 26 – August 1)
Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process.The Clubhouse...
This Vulnerability in E-Learning Platform Moodle Could Even Modify Exam Results
Critical Security Exploit in the popular e learning platform Moodle can be compromised that lets access to student data and...
City Officials of Grass Valley Negotiates with the Handlers of Ransomware Attack
The city of Grass Valley is one of the latest victims of a ransomware attack. The operators of the ransomware...
Malevolent PyPI Packages Detected Filching Developer Data
Repositories of software packages have become a frequent target for supply chain attacks. Reports concerning malware attacks on prominent repository...
Google Plans to Ban ‘Sugar Dating’ Apps From September
Google is all set to remove ‘Super Dating' applications from the Play Store in order to make the Android app...
Security Researchers Discovered Crimea Manifesto Buried in VBA Rat
On Thursday, Hossein Jazi and the Threat Intelligence team at Malwarebytes released a report revealing a new threat actor that...
Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built With Python, Can Make It Easier For You To Find Many URLs/IPs At Once With Fast Time
domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to...
PowerShellArmoury – A PowerShell Armoury For Security Guys And Girls
The PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their...
More evidence suggests that DarkSide and BlackMatter are the same group
Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. BleepingComputer found evidence that...
WordPress Download Manager Plugin was affected by two flaws
An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under...
Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”: Lock and Code S02E14
The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier...
Ransomware Attempt Volume Touching Over 300 Million, Sets Record
A new investigation report has been published by SonicWall network security organization in which it stated that ransomware attacks have...
Hacker Uses Credential Phishing to Gain Access Into PayPal Account
Analysts from Cofense Phishing Defense Center recently found a unique PayPal credential phishing attack. Phishing is a harmful technique that...
Exploit Code Released for a Critical Flaw in Linux Kernel eBPF on Ubuntu Machines
Cybersecurity researcher Manfred Paul revealed the details of the code for abusing a critical flaw in the Linux eBPF (Extended...
Russia’s APT29 is Actively Serving WellMess/WellMail Malware
A year ago, the United Kingdom, the USA, and Canada released a coordinated advisory, during the global pandemic, revealing a...
Evidence Indicates Russia’s SVR is Still Using ‘WellMess’ Malware, Despite US Warnings
President Joe Biden's appeal for Vladimir Putin to crack down on cyberattacks emanating from within Russia appears to have failed...
tsharkVM – Tshark + ELK Analytics Virtual Machine
This project builds virtual machine which can be used for analytics of tshark -T ek (ndjson) output. The virtual appliance...
CSIRT-Collect – PowerShell Script To Collect Memory And (Triage) Disk Forensics
A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share,...
