CVE-2019-14923
Summary: EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. Reference Links(if available): https://www.eyesofnetwork.com/?p=2072 https://www.exploit-db.com/exploits/47280...
Month: February 2021
CVE-2021-22553
Summary: Any git operation is passed through Jetty and a session is created. No expiry is set for the session...
Filmai.in – 645,786 breached accounts
In approximately 2019 or 2020, the Lithuanian movie streaming service Filmai.in suffered a data breach exposing 645k email addresses, usernames...
NurseryCam – 10,585 breached accounts
In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to...
People’s Energy – 358,822 breached accounts
In December 2020, the UK power company People's Energy suffered a data breach. The breach exposed almost 7GB of files...
NetGalley – 1,436,435 breached accounts
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses...
A week in security (February 15 – February 21)
Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats...
Fraudsters are Exploiting Google Apps to Steal Credit Card Details
 Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps...
US Agencies Publish Advisory on North Korean Cryptocurrency Malware, AppleJeus
 The Federal Bureau of Investigation (FBI) jointly with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the...
Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods
remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java...
Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently,...
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating...
NSA Equation Group tool was used by Chinese hackers years before it was leaked online
The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it...
An attacker was able to siphon audio feeds from multiple Clubhouse rooms
An attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple...
Researchers uncovered a new Malware Builder dubbed APOMacroSploit
Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80...
Experts warn of threat actors abusing Google Alerts to deliver unwanted programs
Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs....
Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com
A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on...
CVE-2020-14628
Summary: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior...
CVE-2019-7575
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c....
CVE-2019-7577
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. Reference...
CVE-2019-13616
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c...
CVE-2019-7636
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c....
Hack the Box Guide To: Templated
We start with a page showing "Site still under construction" landing page We can try adding something like /index.html and...
Darknet Markets are Scrambling to Attract Joker’s Stash Clients
 The administrator behind Joker's Stash professes to have formally closed down the operation on 15th February. Meanwhile, criminal gangs offering...
