CVE-2020-35269
Summary: Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding –...
Year: 2021
CVE-2020-13654
Summary: XWiki Platform before 12.8 mishandles escaping in the property displayer. Reference Links(if available): https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8 https://jira.xwiki.org/browse/XWIKI-17374 https://github.com/xwiki/xwiki-platform/pull/1315 CVSS Score (if...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-25845
Summary: Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected...
CVE-2019-19680
Summary: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22...
Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux
Researchers have found a new remote access trojan (RAT) written from scratch in Golang that lures cryptocurrency users to download...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
VPN usage is increasing, says December 2020 survey
I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t...
Security Analysis: The Rise of Cybercrime Underworld and Hacking Groups
During the Covid-19 pandemic, educational institutions, health agencies, and other significant organizations have suffered the most from cyberattacks. As if...
SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies
More than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. The attackers gained...
“Not Amazon” Canadian Website Takes on the Online Giant
The e-commerce giants, with their evidently endless collection and drive to deliver convenience along with affordable prices, have become an...
Massive Data Dump of 10 Crore Indian Card Holders Leaked on Dark Web
The data of 10 Crore Indian cardholders has been sold on the Dark Web for an unknown amount. The information...
Top VPN Provider Zyxel Hacked, Here’s a Quick Look into the Security Incident
Technology and networking have turned out to be the need of the hour and we must also be equally qualified...
MaskPhish – Give A Mask To Phishing URL
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).Legal Disclaimer:Usage of MaskPhish for...
Drow – Injects Code Into ELF Executables Post-Build
drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It...
NICER Protocol Deep Dive: Internet Exposure of DNS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Healthcare organizations faced a 45% increase in attacks since November
According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in...
Over 500,000 credentials for tens of gaming firm available in the Dark Web
The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on...
How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google’s own Speech to Text...
Apex Laboratory disclose data breach after a ransomware attack
At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical...
CVE-2020-4916
Summary: IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
CVE-2020-4928
Summary: IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs...
Hack The Box Walkthrough Guide to: ID Exposed
CHALLENGE DESCRIPTIONWe are looking for Sara Medson Cruz's last location, where she left a message. We need to find out...
