Month: May 2021

Expert released PoC exploit for Microsoft Exchange flaw

May 4, 2021

Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the...

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

May 4, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are...

CVE-2020-27897

May 4, 2021

Summary: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1,...

CVE-2021-21431

May 4, 2021

Summary: sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the...

Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077...

CVE-2021-27077

May 4, 2021

CVE-2021-27077

May 4, 2021

CVE-2021-27077

May 4, 2021

CVE-2021-1640

May 4, 2021

Summary: Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640 https://www.zerodayinitiative.com/advisories/ZDI-21-493/...

CVE-2020-14295

May 4, 2021

Summary: A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter....

A week in security (April 26 – May 2)

May 4, 2021

Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators,...

Microsoft Finds Critical Code Execution Bugs In IoT, OT Devices

May 4, 2021

Recently, world-leading giant Microsoft security unit has reported that around 24 critical remote code execution (RCE) vulnerabilities have been found...

US Agencies Hit By Cyberattack, Confirms CISA Investigation

May 4, 2021

Around five federal civilian agencies were breached recently, in a hit to the US government, revealed an investigation by a...

Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns

May 4, 2021

SSD designer Galax has warned users on its Chinese website that mining cryptocurrency with the company’s Solid State Drives (SSDs)...

App Census Study Reveals that Android Devices Leak User Data Stored in Contact Tracing Applications

May 4, 2021

According to security experts, hundreds of third-party applications on Android devices have access to confidential information collected by Google and...

Python: Affected by Critical IP Address Validation Vulnerability

May 4, 2021

The critical IP address validation vulnerability in the Python standard library ipaddress is similar to the bug that was discovered...

Spam and phishing in Q1 2021

May 4, 2021

Quarterly highlights Banking phishing: new version of an old scheme In Q1 2021, new banking scams appeared alongside ones that...

Evasor – A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies

May 4, 2021

The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be...

Duplicut – Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)

May 4, 2021

virtual chunks, then each one is tested against next chunks. So complexity is equal to th triangle number: Throubleshotting If...

Most Common Causes of Data Breach and How to Prevent It

May 3, 2021

Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it?...

Experian API exposed credit scores of tens of millions of Americans

May 3, 2021

Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone...

Threat Report Portugal: Q1 2021

May 3, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021....

CVE-2021-23988

May 3, 2021

Summary: Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption...

CVE-2021-23988

May 3, 2021

Summary: Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption...

Month: May 2021

Expert released PoC exploit for Microsoft Exchange flaw

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

CVE-2020-27897

CVE-2021-21431

CVE-2021-27077

CVE-2021-27077

CVE-2021-27077

CVE-2021-27077

CVE-2021-1640

CVE-2020-14295

A week in security (April 26 – May 2)

Microsoft Finds Critical Code Execution Bugs In IoT, OT Devices

US Agencies Hit By Cyberattack, Confirms CISA Investigation

Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns

App Census Study Reveals that Android Devices Leak User Data Stored in Contact Tracing Applications

Python: Affected by Critical IP Address Validation Vulnerability

Spam and phishing in Q1 2021

Evasor – A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies

Duplicut – Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)

Most Common Causes of Data Breach and How to Prevent It

Experian API exposed credit scores of tens of millions of Americans

Threat Report Portugal: Q1 2021

CVE-2021-23988

CVE-2021-23988

Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

MITRE Reveals Top 25 Most Critical Software Flaws of 2024

Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

Black Friday Spam Emails: 77% Identified as Scams in 2024

You may have missed