Lessons from a real-life ransomware attack
Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily,...
Squid Game Cryptocurrency exit scam! Operators made $2.1 Million
Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have exit...
CVE-2020-24986
Summary: Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file...
CVE-2020-11476
Summary: Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Reference Links(if available):...
CVE-2021-30886
Summary: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.0.1,...
CVE-2021-30874
Summary: An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15....
CVE-2021-30881
Summary: An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS...
Celebrity jewelry house Graff falls victim to ransomware
Data on countless celebrities, including politicians, is apparently now in the hands of ransomware attackers after a group using the...
How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash
Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive...
Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen
Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices most of them located...
Melting-Cobalt – A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object
A tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be...
A week in security (Oct 25 – Oct 31)
Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code...
Balikbayan Foxes group spoofs Philippine gov to spread RATs
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes,...
Microsoft warns of an increase in password spraying attacks
The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The...
Web-Hacking-Toolkit – A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support.InstallationDockerPull the image from Docker Hub: docker pull...
Iranian Black Shadow hacking group breached Israeli Internet hosting firm
Irananian hacking group Black Shadow breached the Israeli internet hosting company Cyberserve, taking down several of its sites. Iranian hacking...
CVE-2017-12864
Summary: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is...
CVE-2019-14493
Summary: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2017-2888
Summary: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file...
CVE-2019-7637
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c....
Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure
Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums....
PeTeReport – An Open-Source Application Vulnerability Reporting Tool
PeTeReport (PenTest Report) is an open-source application Sample ReportsPDF SampleHTML SampleMD SampleCSV SampleDownload Petereport If you like the site, please...
