ENISA publishes Cybersecurity guide for SMEs
ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business During the COVID-19...
Year: 2021
CISA, FBI share guidance for MSPs and their customers impacted in Kaseya attack
CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the...
CVE-2020-23219
Summary: Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field...
CVE-2021-21671
Summary: Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Reference Links(if available):...
CVE-2021-21102
Summary: Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file....
CVE-2021-23872
Summary: Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local...
CVE-2021-20740
Summary: Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS...
A week in security (June 28 – June 4)
Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming?Lil’ skimmer, the Magecart impersonatorWhat is the WireGuard VPN...
Industrial Facilities are at Risk of Data Theft and Ransomware Attacks
 Recently, multinational cybersecurity software company ‘Trend Micro’ has published a new report on cybersecurity in which it has highlighted the...
PrintNightmare Threat Continues, Microsoft Confirms Exploit Present in All Variants
 Microsoft has marked CVE-2021-34527 remote code execution vulnerability (print Spooler) called "Print Nightmare." EHN previously reported that the latest bug...
Newly discovered Mirai Botnet is Exploiting DVR in DDoS Attack
 On Thursday, cybersecurity experts disclosed details regarding a newly discovered Mirai-inspired botnet called "mirai_ptea". It exploits an undisclosed flaw in...
Researchers Detail the New Two-Step Cryptography Technique
 The accessibility of computer system resources on-demand, in particular data storage and computational power, without direct active user management is...
NSA and FBI Blame Russia for Massive ‘Brute Force’ Attacks on Microsoft 365
 American intelligence and law enforcement agencies have accused a Kremlin-backed hacking group for a two-year campaign to breach into Microsoft...
REvil ransomware attack against MSPs and its clients around the world
An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on...
Salus – Security Scanner Coordinator
Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating...
Backstab – A Tool To Kill Antimalware Protected Processes
Have these local admin credentials but the EDR is standing in the way? Unhooking or direct syscalls are not working...
Revil ransomware gang hit Spanish telecom giant MasMovil
Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is...
REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims
REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is...
US water company WSSC Water hit by a ransomware attack
US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a...
REvil gang exploited a zero-day in the Kaseya supply chain attack
Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply...
CVE-2017-3162
Summary: HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as...
CVE-2018-17196
Summary: In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses...
CVE-2021-32708
Summary: Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes...
CVE-2021-32708
Summary: Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes...
