Misconfigured Apache Airflow servers leak thousands of credentials
Experts discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information from prominent tech firms. Apache Airflow is an...
US-CERT Bulletin (SB21-277):Vulnerability Summary for the Week of September 27, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
BurpCrypto – A Collection Of Burpsuite Encryption Plug-Ins, Support AES/RSA/DES/ExecJs(execute JS Encryption Code In Burpsuite)
Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).Build$ mvn packageUsage中文使用说明Download the precompiled jar...
Neiman Marcus data breach affects millions
Millions of Neiman Marcus customers have had their personal and financial information exposed in a data breach. In a press...
Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online
Users worldwide are experiencing problems while accessing Facebook services, including Instagram and WhatsApp. Users worldwide are not able to access...
Police take a piece out of a ransomware gang, but won’t say which one
One of the world’s ransomware groups appears to be a couple of members short today—and about two million dollars less...
CVE-2020-21533
Summary: fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. Reference Links(if available): https://sourceforge.net/p/mcj/tickets/59/ https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html CVSS...
CVE-2020-21534
Summary: fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. Reference Links(if available): https://sourceforge.net/p/mcj/tickets/58/ https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html CVSS...
CVE-2021-3561
Summary: An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an...
CVE-2021-23434
Summary: This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when...
CVE-2021-23434
Summary: This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when...
CVE-2021-39402
Summary: MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload...
Pottawatomie County paid the ransom to recover its systems
Pottawatomie County restored operations that were suspended after a ransomware attack hit its systems on September 17, 2021. Officials at...
Two ransomware operators were arrested in Kyiv with EUROPOL’s support
Two ransomware operators arrested in Kyiv, Ukraine, that are suspected to have attacked more than 100 companies causing more than...
New APT ChamelGang Targets energy and aviation companies in Russia
ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia ChamelGang...
Bopscrk – Tool To Generate Smart And Powerful Wordlists
bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists for targeted attacks.Included in BlackArch Linux...
Does Cybersecurity Awareness Month actually improve security?
October is Cybersecurity Awareness Month, formerly known as National Cybersecurity Awareness Month. The idea is to raise awareness about cybersecurity,...
A week in security (Sept 27 – Oct 3)
Last week on Malwarebytes Labs Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18Phone screenshots...
LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting
Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. was hit by LockBit 2.0 ransomware, operators will leak files on...
AutomatedLab – A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts
AutomatedLab (AL) enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a...
TA544 group behind a spike in Ursnif malware campaigns targeting Italy
Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers...
CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure
Experts warn that CVE-2021-38647 OMIGOD flaws affect IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary...
CVE-2021-35944
Summary: Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from...
CVE-2021-41617
Summary: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental...
