Rapid7 Announces Release of New tCell Amazon CloudFront Agent
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront...
Year: 2021
Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues
Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. On March...
Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?
Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a...
US DoJ indicted the CEO of Sky Global encrypted chat platform
The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international...
CVE-2021-27055
Summary: Microsoft Visio Security Feature Bypass Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055 CVSS Score (if available) v2: / MEDIUM v3: /...
CVE-2021-27070
Summary: Windows 10 Update Assistant Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070 CVSS Score (if available) v2: / MEDIUM...
CVE-2021-27063
Summary: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063 CVSS...
CVE-2021-27053
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27054. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053 CVSS Score...
CVE-2020-5258
Summary: In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to...
How your iPhone could tell you if you’re being stalked
The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden,...
Royal Mail scam says your parcel is waiting for delivery
Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery...
The Malwarebytes 2021 State of Malware report: Lock and Code S02E04
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we...
Google Issues a Warning about Spectre Attacks using JavaScript
It's been over a long time since researchers uncovered a couple of security vulnerabilities, known as Spectre and Meltdown, that...
Russian search engine will be required to be installed in the browser on smartphones
The authorities plan to oblige manufacturers of smartphones and tablets to install domestic search engines by default in the browser....
IBM X-Force Publishes a List of Top 10 Cybersecurity Vulnerabilities of 2020
The severity of cyber-attacks has grown over the past year especially during the global pandemic. Threat actors are looking for...
“Netbounce” Threat Actor Tries to Evade Detection
On the 12th of February, FortiGuard Labs got a solicitation through email from an individual representing an organization called Packity...
Twitter Ads used by Scammers to Promote Fake Cryptocurrency
One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote"...
COVID-19: Examining the threat landscape a year later
A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world...
Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt,...
DLLHSC – DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order HijackingContents...
ProxyLogon Microsoft Exchange exploit is completely out of the bag by now
A security researcher released a new PoC exploit for ProxyLogon issues that could be adapted to install web shells on...
NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs
The UK’s National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in...
Google fixes the third actively exploited Chrome 0-Day since January
Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the...
CVE-2021-20253
Summary: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to...
