CVE-2021-22117
Summary: RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient...
Year: 2021
CVE-2021-20385
Summary: IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending...
CVE-2020-10364
Summary: The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of...
CVE-2021-30145
Summary: A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted...
CVE-2021-26311
Summary: In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by...
CVE-2021-26311
Summary: In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by...
VPN Android apps: What you should know
Months ago, we told readers about the importance of using a VPN on their iPhones, and while those lessons do...
Zeppelin Ransomware have Resumed their Operations After a Temporary Pause
According to BleepingComputer, the operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed operations following a brief outage. Zeppelin's...
Darkside Ransomware Gang Received Nearly $5 Million as the Extortion Amount from the Victims of Colonial Pipeline Attack
Security experts at London-based blockchain analytics firm Elliptic discovered the bitcoin wallet used by the ransomware group responsible for the...
Pipeline Shutdown Shows Need for Tougher Cybersecurity Laws
The six-day shutdown of a key 5,550-mile fuel pipeline earlier this month as a result of a malware attack proved...
Smart Plugs Used by Cyber Criminals to Break into Victims Property
Inexpensive intelligent connectors are a big threat to cybersecurity and can effectively be used by cybercriminals to hack anyone’s device...
DeFi100, a Crypto Project, Allegedly Scammed Investors of $32 Million
According to reports and tweets, DeFi100, a cryptocurrency project, allegedly defrauded investors out of $32 million (roughly Rs. 233 crores)....
Evolution of JSWorm ransomware
Introduction Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a...
CiLocks – Android LockScreen Bypass
CiLocks - Android LockScreen BypassFeaturesBrute Pin 4 Digit Brute Pin 6 Digit Brute LockScreen Using Wordlist Bypass LockScreen {Antiguard} Not...
MurMurHash – Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.What...
13 flaws in Nagios IT Monitoring Software pose serious risk to orgs
Researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited for malicious purposes. Cybersecurity...
Anker fixed an issue that caused access to Eufy video camera feeds to random users
A misconfiguration issue in the software used by the Eufy video camera exposed private information and video streams of customers....
CVE-2021-31215
Summary: SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of...
CVE-2021-24188
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click...
CVE-2020-27150
Summary: In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all...
CVE-2020-28648
Summary: Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote...
CVE-2021-24195
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers...
Shining a light on dark patterns with Carey Parker: Lock and Code S02E09
This week on Lock and Code, we speak to cybersecurity advocate and author Carey Parker about “dark patterns,” which are...
