CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues
Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...
OSINT
CVE-2020-25790
Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...
FortSIEM <= 5.2.8 RCE due to EL Injection – analysis
Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...
Common bugs make anti-virus solutions vulnerable to exploitation
The very anti-malware solutions meant to protect organizations for things like increasing privilege can be exploited to do just that....
Chowbus – 444,224 breached accounts
In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being...
Mobile network operator falls into the hands of Fullz House criminal group
Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we...
A week in security (September 28 – October 4)
Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on...
Spending on information security in Russia will increase eightfold
Russia intends to sharply increase the cost of information security, and mainly on cryptography, and not on personal data protectionAccording...
Be on the look out for 2 new features on Google meet: Q&A and Polls
Video Conferencing is the one tool that makes work from home achievable and hassle free and with systems like Zoom,...
‘InterPlanetary Storm’ Botnet Now Targeting MAC and IoT Devices
First discovered in 2019, the InterPlanetary Storm malware has resurfaced with a new variant targeting Mac and Android along with...
MosaicRegressor: Lurking in the Shadows of UEFI
Part II. Technical details (PDF) UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within...
Kube-Score – Kubernetes Object Analysis With Recommendations For Improved Reliability And Security
kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of...
SCREEN_KILLER – Tool To Track Progress For Reporting (Capture Screenshot, Commands And Outputs) During Pentest Engagement And OSCP
This script was to developed to capture screenshot during pentest engagment and OSCP. IMPORTANT: The screenshot feature is no longer...
Why Every Organization Needs a Vulnerability Management Policy
The importance of information security in the modern business world cannot be overstated. It’s vital for organizations to take a...
SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series
Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...
WiziShop – 2,856,769 breached accounts
In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including...
WAP Fraud: Google Play Store Removes Android Apps Infected With Joker Malware
Google has now eliminated 17 infected android apps from its google play store. These apps contained the "Joker" malware, according...
OFFPORT_KILLER – This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally
#Manual Port Scanning #Enumerate Potential Service If you like the tool and for my personal motivation so as to develop...
AdvPhishing – This Is Advance Phishing Tool! OTP PHISHING
This Is Advance Phishing Tool! OTP PHISHING SPECIAL OTP BYPASS VIDEO WORKEDSocial Media Hack Link Installation Termux https://www.youtube.com/watch?v=LO3hX1lLBjI Whatsapp OTP...
The Russian was convicted as a LinkedIn hacker
The Federal court for the Northern District of California in San Francisco sentenced Russian Yevgeny Nikulin to seven years and...
Warning Issued to End Cyberattacks Risk Running Afoul of Sanctions Rules by The U.S. Treasury Department
The U.S. Treasury Department recently issued a warning to cyber insurers and other financial institutions that 'facilitate payments' to hackers...
Timewarrior – Commandline Time Reporting
Timewarrior is a time tracking utility that offers simple stopwatch features as well as sophisticated calendar-based backfill, along with flexible...
Asnap – Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses
Asnap aims to render recon phase easier by providing regularly updated data about which companies owns which ipv4 or ipv6...
VideoBytes: Ransomware gets wasted!
Hello dear readers, and welcome to the latest edition of VideoBytes! On today’s episode, we’re talking about how ransomware is...
