CVE-2021-35570
Summary: Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Admin UI). Supported versions that are...
CVE-2021-1529
Summary: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute...
CVE-2021-1529
Summary: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute...
CVE-2021-35566
Summary: Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are...
CVE-2021-35585
Summary: Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected...
CVE-2021-35583
Summary: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25...
CVE-2021-0186 – Intel Corporation / SGX SDK – Improper input validation
Summary: CVE-2021-0186 is an improper input validation vulnerability impacting Intel SGX SDK for Windows versions 2.12 and earlier and Intel...
UltimaSMS subscription fraud campaign targeted millions of Android users
UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services....
Kansas Man pleads guilty to hacking the Post Rock Rural Water District
Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District....
US-CERT Bulletin (SB21-298):Vulnerability Summary for the Week of October 18, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools...
Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to...
Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabella Bagueros: Lock and Code S02E20
“What does online privacy mean to you?” This beguilingly simply question can produce dozens of overlapping and distinct answers, all...
A critical RCE flaw affects Discourse software, patch it now!
US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is...
CVE-2021-30842
Summary: This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big...
CVE-2021-30843
Summary: This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big...
CVE-2021-30847
Summary: This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security...
CVE-2021-30848
Summary: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS...
CVE-2021-30849
Summary: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS...
Red TIM Research found two rare flaws in Ericsson OSS-RC component
The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the...
Russia-linked Nobelium APT targets orgs in the global IT supply chain
Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The...
VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: DocumentationFeature Breakdowns By ReleaseVECTR v7.1.1 Feature BreakdownTeamLEAD PROGRAMMERS:Carl VonderheidGalen FisherDaniel HongPROGRAMMERS:Andrew ScottPatrick HislopDan GuzekZara...
A week in security (Oct 18 – Oct 24)
Last week on Malwarebytes Labs Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache.“Killware”: Is it just as bad as...
NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018...
